Introducing the 2022 State of Cyber Assets Report

by

The inaugural State of Cyber Assets Report (SCAR) offers insights from over 370 million cyber assets across 1270 organizations. We conducted this research to understand how the proliferation of software-defined assets has changed the topology of attack surface management and security best practices.

If every cyber asset in this dataset was represented by a drop of water, the whole dataset would equate to nearly 5,000 gallons of water. That's enough water to fill the average guest bedroom in the U.S. (10' x 10' x 8') with just enough space to keep one's head above water.

Organizations are drowning in cyber assets.

What does this mean for individual security professionals?

On average, there are 0.106 cybersecurity professionals per single U.S. business entity1, which means there are approximately 135 security professionals across the 1270 organizations in the report's dataset carrying the weight of cyber assets.

Considering that a gallon of water weighs about 8lbs, that's nearly 5,000 gallons spread across 135 security professionals (at 1270 organizations) which means each carries about 290 lbs.

The average person can't even squat the equivalent of their body weight, let alone 300lbs.

It's no wonder why burnout is so rampant in the security profession.

Unfortunately, the pure volume of cyber assets isn't the only thing that's contributing to the chaos. The complexity of relationships between cyber assets and their attributes are additional elements of a perfect storm in a rapidly changing attack surface landscape.

The 2022 State of Cyber Assets Report dives into:

  • The superclasses of cyber assets like devices, networks, applications, data, and users
  • The attributes of these cyber assets such as findings and policies
  • The relationships between the attributes and cyber assets
  • Common queries and questions about cyber assets

Top findings include:

  • The Attack Surface is Expanding: The average security team is responsible for 165,633 cyber assets, including 28,872 cloud hosts, 12,407 network interfaces, 55 applications per human employee, 59,971 data assets (including 3,027 secrets), and 35,018 user assets.
  • Alert Fatigue is Nothing New: The average security team is facing a backlog of 120,561 findings and alerts awaiting review.
  • Cloud Assets Dominate: Nearly 90 percent of device assets in the modern organization are cloud-based, meaning physical devices such as laptops, tablets, smartphones, routers, and IoT hardware represent less than 10 percent of total devices.
  • High Levels of Third-Party Risk: 91.3% of code running in the enterprise is developed by a third-party, meaning that modern organizations are incredibly vulnerable to supply chain attacks.
  • Orphaned Assets are a Myth: While previously believed to be heavily isolated, users, networks, and devices are hardly ever on an island considering their rampant first-degree relationships to mission-critical data.

In the coming weeks, we'll share more highlights and learnings across the following topics:

  • The expanding attack surface
  • Outdated skills training
  • Cloud-native architecture
  • Software supply chain
  • Security blind spots

Get the full report today and sign up for our webinar highlighting the key research findings on March 28 at 11am PDT.

Lastly, here is an infographic showcasing data from the report (click to enlarge):

2022-state-of-cyber-assets_infographic

Footnote

[1] (ISC)2 Cybersecurity Workforce Study 2021

Ashleigh Lee
Ashleigh Lee

As Senior Product Marketing Manager at JupiterOne, I love getting to the heart of what problems our customers are solving and how that ties in with the cybersecurity mission at their organizations. With over a decade of experience in B2B tech marketing, and the last 7 years in cybersecurity, I have honed my digital swiss army knife background into sharing customer stories that resonate and drive action.

Keep Reading

‘Type and go’ - New JupiterOne search bar enhancements
October 30, 2023
Blog
‘Type and go’ - New JupiterOne search bar enhancements

JupiterOne aggregates and normalizes data from hundreds of different sources so you can identify and triage security risks easily.

Identify and eliminate endpoint device security gaps using the new JupiterOne Unified Device Matrix
October 6, 2023
Blog
Identify and eliminate endpoint device security gaps using the new JupiterOne Unified Device Matrix

It seems like a simple question. “Are any of our deployed user endpoint devices missing an endpoint detection and response agent?”

Why Better Asset Visibility Matters in Cybersecurity | JupiterOne
August 30, 2023
Blog
Back to basics: Why better asset visibility matters in your security program

At the most basic level of the Incident Response Hierarchy, security teams must know the assets they are defending.

15 Mar 2022
Blog
One line headline, one line headline

Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud eiut.

15 Mar 2022
Blog
One line headline, one line headline

Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud eiut.

15 Mar 2022
Blog
One line headline, one line headline

Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud eiut.