As many businesses make knee-jerk reactions to assessing their risk and exposure from emerging threats, many aren’t paying close enough attention to threats that are most likely to target their organizations, according to a new report from Cymulate.
Kill-Chain Testing Validated
Indeed, businesses that used scheduled and full kill-chain testing demonstrated the broadest testing coverage and the most in-depth validation when they added advanced scenario testing to their programs, said Cymulate, a risk validation and exposure management specialist, in a study of cybersecurity effectiveness.
Cymulate analyzed the results of more than one million security posture validation assessments, including 1.7 million hours of offensive cybersecurity testing within Cymulate’s production environments.
Commenting on the report, Carolyn Crandall, Cymulate chief security advocate, said:
“It’s understandable that organizations want to protect themselves against the major threats making headlines today. But the findings of the Cybersecurity Effectiveness Report underscore the fact that many attackers aren’t using advanced new strategies — they’re continuing to find success using known tactics. Organizations need to shift their vulnerability management strategies to address these gaps by implementing attack surface management tools for exposure assessment, breach and attack simulation for security control efficacy validation, and continuous automated red teaming for more frequent penetration testing.”
What Cymulate Found
Key findings from the report include: