A patchwork is a great approach to your grandmother's quilt. But maybe not for cybersecurity.
It's like fixing a hole in a bucket full of water. Only, imagine the bucket is also covered in seals from previous leaks.
And one more thing: the water is actually an organization's extremely sensitive data.
Cybersecurity research: large number of solutions being used
According to a recent survey of 750 cybersecurity professionals from the third annual Oracle and KPMG Cloud Threat Report 2020, here is the reality that IT tends to live in with legacy data security:
"IT professionals are using a patchwork of different cybersecurity products to try and address data security concerns, but face an uphill battle as these systems are often not configured correctly."
The study found some startling statistics on the number of cybersecurity products that organizations may use to barricade their data.
- 78% of organizations use over 50 different products to address security issues.
- 37% use more than 100.
The result? A tangled web of point solutions and products that only increase as more threats emerge. It's like a game of whack-a-mole: gaps will keep popping up, and you have no idea where they'll be.
Cybersecurity complexity and misconfigurations
When SecureWorld interviewed Dr. Larry Ponemon recently, he explained the following: "When you hear that complexity is the enemy of security, it is absolutely true."
And this new survey seems to back that up. Complexity is playing a part in misconfigurations, and these are some of the most common according to the study:
- 37%: Over-privileged accounts
- 35%: Exposed web servers and other types of server workloads
- 33%: Lack of multi-factor authentication (MFA) for access to key services
And this can significantly impact organizations.
Companies who discover misconfigured cloud services experienced 10 or more data loss incidents in 2019.
And over half of organizations revealed that employees with privileged cloud accounts have had those credentials compromised by a spear phishing attack.
This complicated quilt of data security is a headache for cybersecurity professionals and a growing risk for their organizations.