SecurityBrief Asia - Technology news for CISOs & cybersecurity decision-makers
Story image

Picus report reveals flaws in threat exposure management

Fri, 2nd Aug 2024

Analysis by Picus Security has highlighted a significant vulnerability in many IT environments, stating that 40% of tested systems are susceptible to a full takeover by malicious actors.

The findings are detailed in the Blue Report 2024: State of Exposure Management, which draws insights from 136 million simulated cyber-attacks.

The research suggests that macOS endpoints are particularly vulnerable, with only 23% of simulated attacks being prevented. In comparison, Windows and Linux systems showed a more robust defence, blocking 62% and 65% of attacks, respectively. This disparity is attributed to the inadequate configuration and management of macOS devices by security teams.

Dr. Suleyman Ozarslan, co-founder and Vice President of Picus Labs, said, "It's clear that organizations are still experiencing challenges when it comes to threat exposure management and balancing priorities. Small gaps that lead to attackers obtaining domain admin access are not isolated incidents; they are widespread." He referenced a recent attack on MGM, where domain admin privileges were exploited, halting operations and causing massive disruptions.

The report identifies a significant issue in threat detection across various organisations. While companies manage to prevent 70% of attacks on average, half of these attacks were not logged by detection tools, and only a fraction triggered any warning alerts. This underlines the existing gaps in threat exposure management and the potential for attackers to move laterally across networks without detection.

Volkan Ertrk, Picus Security co-founder and CTO, emphasised the need for improved security measures for macOS systems. "While we have found Macs are less vulnerable to start, the reality today is that security teams are not putting adequate resources into securing macOS systems," he said. He highlighted the importance of validating macOS configurations to surface issues, a task facilitated by threat repositories like the Picus Threat Library.

The report also sheds light on other critical security concerns. It notes that 25% of companies use common language passwords, making it easier for attackers to crack hashed passwords and gain clear-text credentials. Additionally, organisations only deter 9% of data exfiltration techniques, which are frequently used in ransomware attacks to steal sensitive data. Among ransomware groups, BlackByte poses the most formidable challenge, with defence measures effective in only 17% of cases. BabLock and Hive also present significant difficulties, being thwarted by 20% and 30% of organisations, respectively.

The report serves as a comparative tool for security teams to benchmark their performance and underscores the need for continuous improvement in both technology and processes. The primary takeaway is the identification of significant gaps in threat exposure management, reinforcing the importance of validating and configuring all endpoint systems effectively.

Follow us on:
Follow us on LinkedIn Follow us on X
Share on:
Share on LinkedIn Share on X