The Enterprise Research Group (ESG) recently conducted a study to gauge the cyber security hygiene practices of enterprises. The survey sampled nearly four hundred IT and cyber security professionals across America.
The findings of this report are a worrying sign for the level of security hygiene and posture management that enterprises are exercising in the present environment. Here is the gist of the study, along with a few numbers worth pondering.
- 86% of the respondents perceived they were following best practices for security hygiene and robust posture management, but the reality is quite the opposite.
- Almost 31% of the respondents found their sensitive data stored in previously unknown locations, raising a lot of questions about management.
- 30% of the respondents discovered their websites had a path right back to their organizations, making a cyber attack highly probable.
- During their audit, another 29% of the respondents discovered the corporate credentials of their employees here and there.
- Nearly 28% of enterprises were able to unearth previously unknown SaaS applications, which were vulnerabilities in themselves, apart from the associated costs.
Based on the above stats around security hygiene and posture management, the following issues are important for enterprises to consider.
- The whole process of establishing security hygiene and robust posture management begins with taking stock of all your digital assets.
- Once the entire digital estate is fully accounted for, then begins the process of establishing all-encompassing controls for each individual component.
- Lastly, the strong implementation of these controls is extremely important, and this needs to be across the board.
- It is also extremely important to assess your security hygiene and posture management mechanisms to identify any improvements or tweaks.
This has to be a recurring exercise, as the cyber security environment around us is constantly evolving. It is extremely important that any mechanisms in place for security hygiene and posture management are contextually relevant.