Three-quarters of security vulnerabilities pose little risk; the real danger comes from a small number of vulnerabilities, particularly those that converge at points leading to critical business assets. This is the finding of a recent study by security provider XM Cyber. The study found that most vulnerabilities open attack paths that eventually hit a “dead end”. Only two percent of the vulnerabilities identified enable truly dangerous attack paths, allowing access to so-called “choke points” within the infrastructure that provide access to multiple critical systems.
Given the volume of security alerts companies receive from their many software solutions (11,000 per month for an average company and up to 250,000 for a large company), a more efficient security policy is needed. XM Cyber is urging companies to focus only on the 2% of truly critical attack paths, rather than all of them. The vast majority have minimal impact, according to the security supplier.
Other findings include that 71 percent of companies have vulnerabilities in on-prem networks that can affect critical cloud-based systems, and that a majority suffer from attacks on passwords and permissions. These latter attack paths are often overlooked, says XM Cyber.
Organizations should also prioritize API security, as APIs are vulnerable to attack.