94 percent of critical assets can be compromised within four steps of a breach

Network security

A new study from Israel-based XM Cyber, based on findings from nearly two million endpoints, files, folders and cloud resources throughout 2021, shows 94 percent of critical assets can be compromised within just four steps of the initial breach point.

The research team analyzed the methods, attack paths and impacts of attack techniques that imperil critical assets across on-premise, multi-cloud and hybrid environments, and developed tips for thwarting them.

Using data from XM Cyber’s attack path management platform, the study shows that 73 percent of the top attack techniques involve mismanaged or stolen credentials. In addition, 95 percent of organizational users have long-term access keys attached to them that can be exposed.

The main attack vectors in the cloud are misconfigurations and overly permissive access, and 78 percent of businesses are open to compromise every time a new Remote Code Execution (RCE) technique is found.

But by knowing where to disrupt attack paths, organizations can reduce 80 percent of issues that would otherwise have taken up security resources.

“Modern organizations are investing in more and more platforms, apps and other tech tools to accelerate their business, but they too often fail to realize that the interconnection between all these technologies poses a significant risk,” says Zur Ulianitzky, head of research at XM Cyber. “When siloed teams are responsible for different components of security within the network, nobody sees the full picture. One team may ignore a seemingly small risk, not realizing that in the big picture, it’s a stepping stone in a hidden attack path to a critical asset. To keep pace with today’s technology and business demands, attack path remediation must be prioritized.”

The full report is available from the XM Cyber site.

Image credit: fotogestoeber/Shutterstock

Author: Martha Meyer