Hear from CIOs, CTOs, and other C-level and senior execs on data and AI strategies at the Future of Work Summit this January 12, 2022. Learn more


A new report from Enterprise Strategy Group (ESG) and JupiterOne warns of inadequate security hygiene and posture management practices at many organizations. The research found that 86% of organizations believe they follow best practices for security hygiene and posture management. However, 70% of organizations said they use more than ten security tools to manage security hygiene and posture management, which raises concerns about data management and operations overhead.

In addition, 73% of security professionals admitted that they still depend on spreadsheets to manage security hygiene and posture at their organizations. As a result, 70% of respondents said that security hygiene and posture management had become more difficult over the past two years as their attack surfaces have grown.

Overall, the report suggests that security asset management programs are too often informal, disorganized, and immature. It proposes that organizations would benefit from adopting greater integration technologies, advanced analytics, and process automation.

The survey also exposed many dangerous vulnerabilities, as nearly one-third of respondents (31%) said they discovered sensitive data in previously unknown locations, and 30% found websites with a path to their organizations. In addition, 29% uncovered employee corporate credentials or misconfigured user permissions, while 28% exposed previously unknown SaaS applications. Perhaps most troubling is the fact that 69% of organizations admitted they had experienced at least one cyber-attack that started through the exploit of an unknown or unmanaged internet-facing asset, including software, cloud-based workloads, user accounts, and IoT devices.

As a result of these threats, the survey found that 80% of organizations plan to increase spending for security hygiene and posture management within the next 18 months. The top budget priorities areas include data security tools (31%), cyber-risk quantification tools (30%), and cloud security posture management (28%).

For the report, ESG conducted an online survey of 398 IT and cybersecurity professionals from private- and public-sector organizations across North America.

Read the full report by ESG and JupiterOne.

VentureBeat

VentureBeat's mission is to be a digital town square for technical decision-makers to gain knowledge about transformative technology and transact. Our site delivers essential information on data technologies and strategies to guide you as you lead your organizations. We invite you to become a member of our community, to access:
  • up-to-date information on the subjects of interest to you
  • our newsletters
  • gated thought-leader content and discounted access to our prized events, such as Transform 2021: Learn More
  • networking features, and more
Become a member