Cymulate has released its “2022 Cybersecurity Effectiveness Report” which analyzed the results of over a million security posture validation assessments, including 1.7 million hours of offensive cybersecurity testing within Cymulate’s production environments.
The report provides critical insights in global cybersecurity effectiveness, critical findings and top attack tactics, techniques, and procedures (TTPs). The report delves into the efficacy of different security controls, the most concerning threats as tested by organizations worldwide, and top cybersecurity best practices for 2023.
Breach and Attack Simulation positively impacting cyber resiliency
When comparing the anonymized data between the first Endpoint Security assessment completed and the most recent assessments completed, significant improvements in risk reduction were seen when BAS testing was regularly performed. The improvements were seen consistently across customers of various industries and sizes.
“It’s understandable that organizations want to protect themselves against the major threats making headlines today,” said Carolyn Crandall, Chief Security Advocate for Cymulate. “But the findings of the Cybersecurity Effectiveness Report underscore the fact that many attackers aren’t using advanced new strategies—they’re continuing to find success using known tactics. Organizations need to shift their vulnerability management strategies to address these gaps by implementing Attack Surface Management tools for exposure assessment, Breach and Attack Simulation for security control efficacy validation, and Continuous Automated Red Teaming for more frequent penetration testing.”
“Organizations must understand their security posture to identify vulnerabilities and protect against cyber threats,” said David Neuman, senior analyst at TAG Cyber. “Cymulate’s release of findings from over one million security assessments and 1.7 million hours of testing provides valuable insights into common weaknesses and areas for improvement in cybersecurity. This data highlights the need for continuous security testing and risk assessments to stay ahead of emerging threats.”