Cybersecurity Crisis: Competing Explanations
Two recent reports have shed light on the growing cybersecurity crisis, offering differing viewpoints on the root causes of the problem. One report suggests that the tools currently in use are failing to provide what security teams really need, while the other argues that the tools exist but are not being properly managed.
The industrialization of cybercrime, supercharged by the age of AI, has created a post-Mythos era where defenders must improve their performance or risk being overwhelmed by adversaries. Applications are the primary battlefield, with the speed, scale, and sophistication of AI-assisted attacks making them difficult to contain.
The Challenge of Vulnerabilities
According to Daniel Shechter, CEO and co-founder at Miggo Security, AI is not just creating more vulnerabilities, but also exposing the fact that companies cannot fix known vulnerabilities quickly enough. The Cloud Security Alliance (CSA) State of Modern Application and AI Security report, commissioned by Miggo, found that 82% of organizations lack effective runtime visibility, making it difficult to determine which exposures are truly exploitable and prioritize risks.
The report also found that most breaches are driven by known vulnerabilities, with 80% of companies surveyed having suffered at least one incident involving a known vulnerability in the last year. However, only 9% of organizations remediate critical vulnerabilities within 24 hours, with 74% taking one to seven days. The implication is that patch rates must be increased, and exploitable vulnerabilities better understood.
Runtime Difficulties
Most organizations only know what happened after reconstructing the event after the breach has occurred. The CSA report found that 73% of organizations would adopt virtual patching if they had better confidence in minimal false positives, but only 17% configure WAFs for automatic blocking, citing a lack of application context as the reason.
Due to the runtime difficulties, 42% of organizations intend to increase investment in runtime monitoring and protection over the next few years. However, since protection is always better than cure, the bulk of investment (52%) remains in pre-production, such as CI/CD build protection.
FireMon Insights Report
A separate FireMon Insights report, published on the same day as the CSA report, suggests that concern over the automated use of firewalls as a security barrier is unsurprising but at least partially due to a lack of human oversight. The report found that 45% of firewall rules lack an owner or documentation, 17% are redundant or shadowed, and 69% are unused.
FireMon CEO Jody Brazil argues that the problem is not a lack of tools, but rather a lack of operational control. The report concludes that manual policy management is inefficient and allows risk across the attack surface to continue to expand rapidly, primarily due to an environment in which high severity policy failures persist over extended periods of time.
Competing Explanations
The two reports offer competing explanations for the growing cybersecurity crisis. The CSA report suggests that the problem is a failure of security tools to provide the solutions really necessary, while the FireMon report argues that the tools exist, but are not being properly managed. While the reports differ in their explanations, they both highlight the need for improved visibility, better management of existing tools, and increased investment in runtime monitoring and protection.
Source: SecurityWeek