Despite Growing Cyber-Threats, Less Than Half of Organizations Perform Continuous Attack Surface Monitoring, New Survey From ESG and Bugcrowd Shows

Leading organizations in attack surface and vulnerability management embrace ongoing penetration testing and crowdsourced cybersecurity solutions

Bugcrowd, the crowdsourced cybersecurity platform, announced the release of the Attack Surface and Vulnerability Management Assessment survey, completed in partnership with analyst firm Enterprise Strategy Group (ESG). The research found that 61% of organizations perform attack surface discovery to offset frequently changing assets in their attack surface and attack surface expansion, yet less than half (40%) of companies perform continuous attack surface management.

Only one out of five organizations surveyed qualified as a “leader” in how they execute attack surface and vulnerability management, while 49% ranked in the second tier as “fast-followers” and 39% ranked in the bottom tier as “emerging organizations.” The survey discovered several key differences between leaders and other respondents in their strategy for attack surface and vulnerability management. Of note, nearly three out of four leaders (72%) perform continuous attack surface management, signaling attack surface discovery frequency as a sign of maturity.

Recommended AI News: BrainChip Appoints Geoffrey Carrick As Non-Executive Director

Leading Organizations Augment Security Efforts with Crowdsourced Cybersecurity Solutions

Organizations that qualify as leaders recognize their own limitations and are much more likely to supplement their security efforts with crowdsourced penetration testing and bug bounty programs than the fast-followers and emerging organizations. In fact, 59% of leaders use bug bounty programs to discover previously unknown or undiscovered attack surface, compared to 43% of fast followers and 34% of emerging organizations. Furthermore, 41% of leaders plan to use crowdsourced security platforms for penetration testing over the next 24 to 36 months compared to just 19% of fast followers and 27% of emerging organizations.

“This research demonstrates how COVID-19 spurred many organizations to accelerate their digital transformation efforts, thus increasing the size and complexity associated with managing their attack surface,” said Ashish Gupta, CEO, Bugcrowd. “One factor really separated the more successful organizations from the rest of the pack: the leaders clearly lean more heavily on crowdsourced security solutions to augment their security efforts. This layered approach to security has significantly strengthened their ability to protect their attack surface and mitigate vulnerabilities.”

Recommended AI News: Switch Breaks Ground On Second And Third Tahoe Reno Data Centers Following Multi-Megawatt Expansions With Global E-Commerce And Semiconductor Clients

Routine Penetration Testing and Attack Surface Discovery Distinguishes Leaders from Less Mature Organizations

Fast-followers and emerging organizations are far less proactive in performing attack surface and vulnerability discovery compared to leaders. For example, 72% of leaders conduct attack surface discovery on a continual basis, compared to just 52% of fast-followers and 3% of emerging organizations. Additionally, 59% of leaders perform penetration testing for vulnerability discovery more often than once per month, while only 23% of fast-followers and 3% of emerging organizations do on the same frequency. However, the less mature companies report higher confidence in their attack surface and vulnerability discovery tooling and technologies, demonstrating a lack of awareness of potential risk.

“There is a stark contrast between what the leaders are doing and what everyone else is doing, and the latter group should take note of the difference,” said Jon Oltsik, Senior Principal Analyst and Fellow, ESG. “Leading organizations use a diverse combination of tools, automated processes, and integrated workflows to constantly look for problems in their attack surface and vulnerability management. They unify efforts across their organization and are proactive in taking necessary actions to mitigate any risks they discover. Perhaps most important, leaders are aware of their limitations and are much more likely to use bug bounties, crowdsourced penetration testing and other external services.”

Recommended AI News: Storm ID And Zebra Medical Vision To Co-Develop Revolutionary New AI Based Osteoporosis Prevention Solution As Part Of UK-Israel Collaboration