Expanding Attack Surface and Cybersecurity Alert Fatigue Hinder Cyber Hygiene Basics

By Jasmine Henry

Cybersecurity alert fatigue is an issue that is long overdue for a real solution. The average cybersecurity team is facing a backlog of 120,561 findings and alerts awaiting review. This is a major problem for any company with a rapidly growing attack surface. Which of these possible or actual security issues poses a real threat to their organization—and what chance do they have of finding it in time?

Basic cyber hygiene measures offer effective protection against common threats such as ransomware and web application attacks—and yet data breaches continue to plague today's enterprises. Why? What's preventing security teams from carrying out the cyber hygiene basics that protect their organization? Simply put, the modern attack surface has grown too large and complex, too quickly, for these teams to keep up. As a vast landscape of cyber assets generates a flood of alerts, security professionals struggle to investigate issues in a timely manner, much less work proactively to improve their security posture. Cybersecurity alert fatigue has set in, and we need to address the problem head-on.

To gain a better understanding of the situation, JupiterOne has undertaken a wide-ranging research study to examine the current state of cyber assets. Using data from the organizations that use JupiterOne's Cyber Asset and Attack Surface Management (CAASM) product, we analyzed over 370 million cyber assets, findings, and policies across almost 1,300 organizations—and found the scale of the problem to be truly overwhelming.

This blog is the first in our five-part series exploring the findings in the JupiterOne 2022 State of Cyber Assets Report.

The expanding attack surface puts organizations at risk

The enterprise technology ecosystem has been rapidly reshaped by API-first, cloud-first, and digital transformation initiatives; hybrid work models; and shadow IT. While these trends offer powerful business benefits, they come at a high cost to security. As more cyber assets enter the environment, companies increasingly face the risk of a cyberattack that starts with the exploitation of an unknown, unmanaged, or poorly managed internet-facing asset.

The 2022 State of Cyber Assets Report reveals the full scope of the challenge. The average security team is responsible for 165,633 cyber assets, including:

  • 28,872 cloud hosts
  • 12,407 network interfaces
  • 55 applications per human employee
  • 59,971 data assets (including 3,027 secrets), and
  • 35,018 user assets.

It's not just the sheer number of assets that matters. Understanding the relationships among them—does this user have access to an Amazon Web Services (AWS) environment? Does this IoT device connect to critical production systems?—is critical to assessing and limiting the blast radius of a potential compromise. Maintaining an accurate and timely inventory of cyber assets and relationships across a complex, ever-changing environment can be immensely challenging, but without it, SecOps teams are flying blind.

Meanwhile, security teams face a relentless flurry of alerts and findings. While some might call for major engineering work to resolve, many more will require no action, yet each must still be examined individually. Over the course of days, weeks, and months, even dedicated professionals become burned out and liable to human error.

Helping security teams beat cybersecurity alert fatigue

With cybersecurity talent in short supply—and priced at a premium—organizations need to help their existing teams become more efficient, productive, and proactive. This requirement has driven the rise of CAASM solutions, which enable organizations to discover and view all of their assets, internal and external, known and unknown, and the relationships among them. With this understanding and visibility, organizations can improve detection and response, close security gaps, and avoid compliance drift. During a security event, they can determine the blast radius of a compromised asset, then respond more quickly and effectively to the breach.

In our next blog, we'll look at the findings of the JupiterOne 2022 State of Cyber Assets Report on the state of cybersecurity skills training.

Jasmine Henry

Jasmine Henry is a security practitioner who's used JupiterOne to create a compliant security function at a cloud-native startup. She has 10 years of experience leading security programs, an MS in Informatics and Analytics, and a commitment to mentoring rising security practitioners from underrepresented backgrounds. Jasmine is a Career Village co-organizer for The Diana Initiative security conference. She lives in the Capitol Hill neighborhood of Seattle, WA.
