Tenable Study Reveals 40% of Cyberattacks Breach Saudi Arabian Organisations’ Defences
December 5, 2023 · Dubai, UAE
“Security teams are so busy remediating cyberattacks that they don’t have time or resources- SAUDI ARABIAN ORGANISATIONS FACE A CYBER CONUNDRUM: Security teams recognise prevention is better than cure, but are too busy mitigating attacks to change tactics
to focus efforts on strengthening defences to deflect and protect against them.”
Tenable®, the Exposure Management company, today highlighted that, of the cyberattacks Saudi Arabian organisations experienced in the last two years, 40% were successful. Cela contraint les équipes de sécurité à concentrer leur temps et leurs efforts sur la remédiation de ces cyber-attaques au moment où elles se produisent, plutôt que sur leur prévention.With 68% of Saudi organisations confident that their cybersecurity practices are capable of successfully reducing the organisation’s risk exposure, there is work to be done. These findings are based on a commissioned survey of 50 Saudi-based cybersecurity and IT leaders conducted in 2023 by Forrester Consulting on behalf of Tenable.
Les personnes interrogées se sont montrées particulièrement préoccupées par les risques associés à l'infrastructure cloud, étant donné le degré de complexité que ce type d'infrastructure introduit en essayant de corréler les identités système et utilisateur, les accès et les données de droits d'accès.Half of organisations (56%) say they use multi-cloud and/or hybrid cloud environments. However, over half of respondents (62%) cite cloud infrastructure as one of the highest areas of risk exposure in their organisation. In order, the highest perceived risks come from the use of public cloud infrastructure (28%), multi cloud and/or hybrid cloud (20%) and private cloud infrastructure (14%).
Cette étude démontre clairement que le temps ne joue pas en faveur des équipes de sécurité.Sixty-eight percent of respondents believe their organisation would be more successful at defending against cyberattacks if it devoted more resources to preventive cybersecurity. Yet six in 10 respondents (66%) say the cybersecurity team is too busy fighting critical incidents to take a preventive approach to reducing their organisation’s exposure.
Pour les professionnels de la cyber-sécurité, cette passivité est largement due aux difficultés que rencontre leur entreprise à obtenir une vision précise de leur surface d'attaque, notamment une visibilité sur les assets inconnus, les ressources cloud, les faiblesses du code et les systèmes de droits d'accès utilisateur.La complexité de l'infrastructure, qui repose sur plusieurs systèmes cloud, de nombreux outils de gestion des identités et des privilèges, ainsi que sur des assets exposés au web, multiplie les risques de mauvaises configurations et d'assets négligés.Over half of respondents (60%) said a lack of data hygiene prevents them from drawing quality data from user privilege and access management systems, as well as from vulnerability management systems. While the majority of respondents (78%) say they consider user identity and access privileges when they prioritise vulnerabilities for patching/remediation, 62% say their organisation lacks an effective way of integrating such data into their preventive cybersecurity and exposure management practices.
Le manque de communication au plus haut niveau complique également, voire aggrave, le problème de la cyber-sécurité au sein des entreprises.Tandis que les attaquants évaluent en permanence les environnements, les entreprises ne tiennent des réunions dédiées aux systèmes critiques pour l'activité qu'une fois par mois, dans le meilleur des cas.Seventy-two percent of respondents say they meet monthly with business leaders to discuss which systems are business critical, while 12% hold such meetings only once per year and 2% say they never hold such meetings.
“Far too many security teams are being overwhelmed by the sheer volume of cyberattacks they have to react to, rather than focusing efforts on reducing risks. As the attack surface becomes ever more complex, caused by trends like cloud migration and AI, this imbalance will only deepen,” said Maher Jadallah, Senior Director Middle East & North Africa, Tenable. “Firefighting is not just exhausting, but also leaves the organisation open to unacceptable risks. Security teams need to change tactic to focus instead on preventative security that deflects cyberattacks and stops threat actors gaining a toehold into the infrastructure. That will need security leadership to be involved in high-end business decision making rather than consulted after the fact. Only then will steps be taken to reduce risks and strengthen defences.”
A whitepaper is available with further results from the study, including how organisations can address the challenges and move from a reactive security posture to a preventive approach.
About Tenable
Tenable® is the Exposure Management company. Environ 43 000 entreprises partout dans le monde font confiance à Tenable pour déterminer et réduire leur cyber-risque. Après avoir créé Nessus®, Tenable a élargi son expertise en matière de vulnérabilités pour proposer la première plateforme au monde capable de voir et de sécuriser tout asset digital sur n'importe quelle plateforme informatique. Tenable compte parmi ses clients environ 60 % des entreprises du Fortune 500, environ 40 % des entreprises du Global 2000 et les plus grandes agences gouvernementales. Pour en savoir plus, rendez-vous sur fr.tenable.com.
###
Media Contact:
Tenable
[email protected]
Restez informé !
Abonnez-vous à nos alertes par e-mail pour recevoir les nouveaux communiqués de presse.
- Attack Surface Management