ETFOptimize | High-performance ETF-based Investment Strategies

Quantitative strategies, Wall Street-caliber research, and insightful market analysis since 1998.
ETFOptimize | HOME
Close Window
Recent Quotes
My Watchlist
Indicators
Markets
Stocks
ETFs
Tools
Markets:
Overview
News
Currencies
International
Treasuries

New Tenable Study Outlines the People, Process and Technology Challenges That Limit Organizations’ Ability to Prevent Attacks

By: via GlobeNewswire

COLUMBIA, Md., Oct. 30, 2023 (GLOBE NEWSWIRE) -- Tenable®, the Exposure Management company, has published a new study that sheds light on the challenges cybersecurity and IT leaders face in protecting their increasingly complex and expanding attack surface. Published for Cybersecurity Awareness Month, the report titled “Old Habits Die Hard: How People, Process and Technology Challenges Are Hurting Cybersecurity Teams” reveals that in the last two years, the average organization’s cybersecurity program was prepared to preventively defend, or block, just 57% of the cyberattacks it encountered. This means 43% of attacks launched against them are successful, and must be remediated after the fact.

The study, based on a commissioned survey of 825 global cybersecurity and IT leaders conducted in 2023 by Forrester Consulting on behalf of Tenable, illuminates the people, process and technology challenges standing between modern cybersecurity and IT teams and effective risk reduction practices.

Nearly six in 10 (58%) respondents say they focus almost entirely on fighting successful attacks rather than working to prevent them in the first place. The study finds that this is largely due to an inability to reduce potential risks before attacks happen. Cyber professionals cite that this reactive stance is largely due to their organizations' struggle to obtain an accurate picture of their attack surface, including visibility into unknown assets, cloud resources, code weaknesses and user entitlement systems. The complexity of infrastructure — with its reliance on multiple cloud systems, numerous identity and privilege management tools and various web-facing assets — brings with it numerous opportunities for misconfigurations and overlooked assets.

Respondents were particularly concerned with the risks associated with cloud infrastructure, given the complexity it introduces in trying to correlate user and system identities, access and entitlement data. The vast majority of respondents (75%)* view cloud infrastructure as the greatest source of exposure risk in their organization. In order, the highest perceived risks come from the use of public cloud (30%), multi cloud and/or hybrid cloud (23%), private cloud infrastructure (12%) and cloud container management tools (9%).

Additional findings from the study include:

  • While most respondents (75%) say they consider user identity and access privileges when they prioritize vulnerabilities for remediation, fully half (50%) say their organization lacks an effective way of integrating such data into their preventive cybersecurity and exposure management practices.
  • Nearly six in 10 respondents (57%) say a lack of data hygiene prevents them from drawing quality data from user privilege and access management systems, as well as from vulnerability management systems.
  • On average, it takes 15 hours a month to create reports for business leaders about the health of organizational security infrastructure.
  • In a slight majority of organizations (53%), meetings about business-critical systems take place monthly, while 18% hold such meetings only once per year and 2% say they never hold such meetings.

This data comes at a critical point in time for publicly traded companies, following the recent introduction of SEC rules on cybersecurity risk management, strategy, governance and incident disclosure that take effect in December of this year. The new rules that mandate the disclosure of material cybersecurity incidents by public companies also stipulate that they outline their processes for assessing, identifying and managing material risks from cybersecurity threats. It also requires them to highlight the oversight processes of boards of directors and executive management in assessing and managing cybersecurity risks. For organizations that do not have these best practices and processes in place, preventive security measures will become a requirement for operations.

“Preventive security is no longer an optional approach to risk management, but a prerequisite,” said Robert Huber, chief security officer and head of research, Tenable. “The scattershot firefighting by security organizations is a recipe for failure, especially with the expansion of the attack surface and exposure points caused by trends like cloud migration and AI. We’re speaking with more and more organizations about the importance of proactively understanding and reducing risk, and this research underscores that many of them know this intuitively, but are struggling with headwinds that are often beyond their control. We hope to foster more collaborative discussion between stakeholders to simplify their practices and get to the risk data they actually need for faster prioritization and remediation.”

To read the full report with further results from the study, including how organizations can address these challenges and move from a reactive security posture to a preventive approach, please visit: https://www.tenable.com/analyst-research/2023-forrester-exposure-management-study

A blog post with additional context on the study can be found here.

Note to Editors:

  • Forrester Consulting conducted an online survey of 825 IT and cybersecurity professionals at large enterprises in the U.S., the U.K., Germany, France, Australia, Mexico, India, Brazil, Japan and Saudi Arabia. The study was fielded in March 2023.
  • Maturity Modeling: Respondents were scored based on their answers to questions measuring different aspects of their maturity: their use of preventive security tools, how they prioritize resources to reduce threat exposure, and the degree of visibility and collaboration within their organization. Forrester scored those in the bottom 20% as low maturity, the middle 60% as medium maturity, and the top 20% as high maturity.

*Note: Total percentage may not equal separate values due to rounding

About Tenable
Tenable® is the Exposure Management company. Approximately 43,000 organizations around the globe rely on Tenable to understand and reduce cyber risk. As the creator of Nessus®, Tenable extended its expertise in vulnerabilities to deliver the world’s first platform to see and secure any digital asset on any computing platform. Tenable customers include approximately 60 percent of the Fortune 500, approximately 40 percent of the Global 2000, and large government agencies. Learn more at tenable.com.

Media Contact:
Tenable
tenablepr@tenable.com


Primary Logo

Recent Quotes

View More
Symbol Price Change (%)
AMZN  249.02
+0.00 (0.00%)
AAPL  258.83
+0.00 (0.00%)
AMD  255.07
+0.00 (0.00%)
BAC  53.35
+0.00 (0.00%)
GOOG  330.58
+0.00 (0.00%)
META  662.49
+0.00 (0.00%)
MSFT  393.11
+0.00 (0.00%)
NVDA  196.51
+0.00 (0.00%)
ORCL  163.00
+0.00 (0.00%)
TSLA  364.20
+0.00 (0.00%)
Stock Quote API & Stock News API supplied by www.cloudquote.io
Quotes delayed at least 20 minutes.
By accessing this page, you agree to the Privacy Policy and Terms Of Service.
© 2025 FinancialContent. All rights reserved.


 
IntelligentValue Home
Close Window

DISCLAIMER

All content herein is issued solely for informational purposes and is not to be construed as an offer to sell or the solicitation of an offer to buy, nor should it be interpreted as a recommendation to buy, hold or sell (short or otherwise) any security.  All opinions, analyses, and information included herein are based on sources believed to be reliable, but no representation or warranty of any kind, expressed or implied, is made including but not limited to any representation or warranty concerning accuracy, completeness, correctness, timeliness or appropriateness. We undertake no obligation to update such opinions, analysis or information. You should independently verify all information contained on this website. Some information is based on analysis of past performance or hypothetical performance results, which have inherent limitations. We make no representation that any particular equity or strategy will or is likely to achieve profits or losses similar to those shown. Shareholders, employees, writers, contractors, and affiliates associated with ETFOptimize.com may have ownership positions in the securities that are mentioned. If you are not sure if ETFs, algorithmic investing, or a particular investment is right for you, you are urged to consult with a Registered Investment Advisor (RIA). Neither this website nor anyone associated with producing its content are Registered Investment Advisors, and no attempt is made herein to substitute for personalized, professional investment advice. Neither ETFOptimize.com, Global Alpha Investments, Inc., nor its employees, service providers, associates, or affiliates are responsible for any investment losses you may incur as a result of using the information provided herein. Remember that past investment returns may not be indicative of future returns.

Copyright © 1998-2017 ETFOptimize.com, a publication of Optimized Investments, Inc. All rights reserved.