New research by Armis shows organisations in the U.K. are facing immediate cybersecurity challenges, stemming from a heightened regulatory environment, staffing and recruitment difficulties and an expanded attack surface.
In this complex environment, threat intelligence has become the top priority on their agenda, but with inventory information often updated infrequently, annually or quarterly in some cases, and a skewed view of what is connected to the network, security breaches are becoming more common.
“Technology environments continue to become more complex through evolving multi-year transformations,” said Curtis Simpson, CISO, Armis. “Simultaneously, vulnerabilities are disclosed at an unparalleled rate and attackers are evolving their capabilities at scale. In these circumstances, security programs cannot run on intuition.
“Businesses require continuous visibility and intelligence to understand the technical assets powering the business and how the corresponding attack surface can or is being exploited with the potential for material impact.”
Armis’ research on the current cybersecurity landscape in the U.K. uncovered the following findings:
- Professionals identified the biggest challenges in the past 6 months as:
- Keeping up with threat intelligence
- Compliance with cybersecurity regulations and frameworks
- Staffing and recruitment
- The ever expanding attack surface
- Visibility into all assets connected to the network
Securing the supply chain and the convergence between IT and OT also ranked high with 23.8% and 23.3% professionals respectively highlighting its importance.
- When asked how often they updated the inventory of assets connected to their network 15.5% of respondents said annually, 14.1% said quarterly, 32.4% said monthly, 22.5% said weekly, only 9.9% said daily and even 2.8% answered never. Looking at the same study in the U.S. the numbers differ, with most companies updating their inventory on a daily and weekly basis.
- According to proprietary data from the Armis Asset Intelligence and Security Platform collected between January, 2023 and April, 2023, 53% of Armis’ customer base has more than 35,000 devices on their network, while a third (35%) has more than 100,000 network devices. In contrast, when asked how many devices they think are on their organisation’s network 96% of respondents said 35,000 or less, 2.5% said 35,001-100.000 and only 1.5% of respondents said they had 100,000 devices or more.
- Most organisations use multiple tools to monitor their connected assets, with 60% using more than 5 tools – and up to 50 in some instances. A quarter (27.5%) of organisations use 3 to 4 different tools to monitor their asset landscape, 7.7% use 1 or 2 tools and 0.8% of IT professionals answered ‘None’.
- A further 34.3% of professionals said they monitor all connected assets mainly through a Configuration Management Database (CMDB), 21.3% work with a SaaS visibility solution provider, 8.8% use Manual Spreadsheets and 29.5% said other. Additionally, 6.1% of respondents said they only monitor corporate assets in their organisation or do not monitor all connected devices.
- Half (54.8%) of respondents said they had suffered a breach or ransomware attack in the last 5 years, with 43.8% stating that it had been caused by employee phishing and 23.3% as a result of an IoT device hack. 16.9% of respondents said that they had suffered a breach due to a known vulnerability that had not been patched, while 13.2% indicated the breach was caused by an unpatched device. These attack vectors closely align with those of the U.S.
- The three strategies that U.K. companies will be implementing in view of the escalation in nation sponsored cyberwarfare and the guidance from the National Cyber Security Centre (NCSC) are:
- Verifying access control with steps such as reviewing employee passwords, implementing MFA or reviewing third party access.
- Reviewing system patching and high severity alerts.
- Creating or updating the company incident response plan.
“These research findings show organisations are struggling to monitor all devices in their environment. Without the proper information, prioritisation is going to be a shot in the dark and even a known vulnerability can become the catalyst of an attack. Having a real-time view of all the assets in your environment and understanding asset behaviour will help determine what risk it may pose to the organisation and prioritise remediation,” continued Simpson.
The Armis Asset Intelligence and Security Platform automatically collects and analyses data through hundreds of meaningful integrations, delivering the industry’s most comprehensive asset intelligence.
Its Collective Asset Intelligence Engine is the world’s largest asset knowledgebase tracking over three billion devices and growing. This massive, crowd-sourced, cloud-based asset behaviour knowledgebase provides unique device information such as how often each asset communicates with other devices, over what protocols, how much data is typically transmitted, whether the asset is usually stationary, what software runs on each asset and more.
These real-time, contextual insights enable Armis to understand not only what the asset is and what it is doing, but what it should be doing, comparing asset behaviour to “known-good” baselines.
When an asset operates outside of its baseline, Armis issues an alert or can automatically disconnect or quarantine an asset.
Armis will be attending Infosecurity Europe in London at the Excel Center on June 20-22, 2023 and will be located in booths W20. For more details of what the company has planned at the event or to book a meeting, please visit: https://www.armis.com/infosec-2023/