WebsiteGear Logo Log In
New User? Sign Up
About | Contact | FAQ
  Home News Technology Internet Security Tuesday, July 23, 2024 
Add Press Release News | News Feeds Feeds | Email This News Email

XM Cyber Report Finds 80% of Security Exposures are Fueled by Misconfigurations
Tuesday, May 14, 2024

Third Annual State of Exposure Management Report Reveals Alarming Gaps in Organizations' Cyber Defenses

TEL AVIV, Israel, May 6, 2024 /PRNewswire/ -- XM Cyber, the leader in continuous exposure management, today released the findings of its third annual research report, Navigating the Paths of Risk: The State of Exposure Management. Produced in collaboration with the Cyentia Institute, the report which provides an in-depth look at the cyber exposure landscape based on data gathered from over 40 million exposures that present high-impact risks to millions of critical business entities. This research found that identity and credential misconfigurations represent a staggering 80% of security exposures across organizations, with a third of these exposures putting critical assets at direct risk of breach - a gaping attack vector actively being exploited by adversaries.

The report found that most of the exposure is within a company's Active Directory which is critical for connecting users to network resources, but it's also a prime target for attackers who could gain elevated privileges and access. The top exposures stem from misconfigurations and credential attacks, which create blind spots that traditional security tools often miss, such as issues with managing members and resetting passwords. Compounding this issue, poor endpoint hygiene plagues the majority of environments with cached credentials or lack of EDR coverage on over 25% of devices, providing attackers ample initial entry points to gain footholds. These overlooked identity and endpoint weaknesses represent a hacker's paradise that organizations urgently need to address.

"This data underscores that exposure management needs to expand well beyond vulnerabilities to look at all paths adversaries can take - including misconfigurations, user behavior, and more," said Zur Ulianitzky, Vice President, Security Research at XM Cyber. "The XM Attack Graph Analysis(TM) revealed that a mere 2% of exposures reside on crucial 'choke points,' where adversaries can exploit vulnerabilities to access critical assets. This revelation underscores the importance of adopting comprehensive threat exposure management frameworks."

CVEs Represent Only 1% of Massive Exposure Landscape

While most organizations concentrate on managing traditional software vulnerabilities tracked by CVE identifiers, the reality is that these only scratch the surface. XM Cyber's analysis reveals organizations typically have around 15,000 exposures scattered across their environments that skilled attackers could potentially exploit. Shockingly, CVE-based vulnerabilities account for less than 1% of this massive exposure landscape. Even when looking just at exposures affecting their most critical assets, CVEs represent only a small percentage of the risk profile. This points to major blind spots in security programs focused narrowly on vulnerability patching alone.

Over Half of Critical Asset Exposures Reside in the Cloud

Cloud environments are not exempted from the risk of exposure. As organizations accelerate cloud adoption, they must be aware that major exposure risks exist in these environments as well. Over half (56%) of exposures affecting critical assets reside in cloud platforms according to XM Cyber's analysis. Moreover, attackers can seamlessly traverse from on-premises to cloud environments and back again, posing a significant risk to cloud-based assets. From there, they can easily compromise critical cloud assets with minimal effort and lateral movement hops.

Vertical Vulnerabilities: One Size Exposure Strategy Fails Across Industries

The report's industry analysis also revealed sectors like Energy and Manufacturing have a higher proportion of internet-exposed critical assets affected by exposures compared to Financial Services organizations, which have large digital footprints. On average, while Financial Services firms manage a much larger digital asset footprint of 5x more assets than the Energy sector, that latter group has a staggering 21x higher proportion of its most critical assets affected by exposures. This demonstrates a true need for industry-specific exposure management strategies.

"The insights collected from this report are a transformative force for organizations navigating the complex realm of cybersecurity, especially in industries with entities that have a lot of exposures like Healthcare and Energy", said Dr. Wade Baker from the Cyentia Institute. "The fact that the median number of exposures affecting Healthcare providers is 5X that of the Energy and Utilities sector points to the inherent challenges of minimizing risk in those environments."

The State of Exposure Management report's findings are based on data from the XM Cyber Continuous Exposure Management Platform and analyzed independently by the Cyentia Institute. The full report is available for download here.

XM Cyber is showcasing at RSA Conference 2024 in booth #1055, located in the South Hall Expo.

About XM Cyber?

XM Cyber is a leading continuous exposure management company that is changing the way organizations approach cyber risk. XM Cyber transforms exposure management by demonstrating how attackers leverage and combine misconfigurations, vulnerabilities, identity exposures, and more, across AWS, Azure, GCP, and on-prem environments to compromise critical assets. With XM Cyber, you can see all the ways attackers might advance, and all the best ways to stop them, pinpointing where to remediate exposures with a fraction of the effort. Founded by top executives from the Israeli cyber intelligence community, XM Cyber has offices in North America, Europe, Asia Pacific, and Israel.

About Cyentia Institute
The Cyentia Institute is a research and data science firm with a mission to advance knowledge in the cybersecurity industry. We accomplish this by partnering with vendors and other organizations to publish a range of high-quality, data-driven content. Find out more at

Media Contact
Danielle Scotto for XM Cyber
ICR Lumina

View original content to download multimedia:


Email This News Email | Submit To Slashdot Slashdot | Submit To Digg | Submit To | News Feeds Feeds

Nav Perception Point Named to Prestigious MES Midmarket 100 | Jul 23, 2024
Nav Fortra Releases New Cloud Email Protection Features to Protect Against Advanced Email Threats | Jul 23, 2024
Nav Country will open door wider as it remains committed to higher standard opening-up: China Daily editorial | Jul 23, 2024
Nav eMazzanti Technologies' Clients Avoid Global Catastrophic CrowdStrike "Blue Screen of Death" Disruptions | Jul 23, 2024
Nav How to Unlock a Disabled iPhone without iTunes? Easy Tips | Jul 23, 2024
Nav Jotform Launches Jotform Government: Empowering Digital Transformation for Government Agencies | Jul 23, 2024
Nav AT&T Addresses Illegal Download of Customer Data | Jul 20, 2024
Nav iPhone is Disabled Connect to iTunes How to Unlock? Here is the Fix! | Jul 20, 2024
Nav Launches Free Dark Web Monitoring Service | Jul 18, 2024
Nav Leading AI Projects Choose Filecoin to Advance AI, Marking the Network's Leading Role as DePIN Backbone for AI | Jul 18, 2024

Submit News | View More News View More News