NEW YORK—April 27, 2021—Axonius, the leader in cybersecurity asset management, today released its 2021 Cybersecurity Asset Management Trends report, which reveals the extremes to which the pandemic escalated lack of visibility into IT assets and how that is impacting security priorities. According to the study conducted by Enterprise Strategy Group (ESG), organizations report widening visibility gaps in their cloud infrastructure (79%, which was a 10% increase over 2020), end-user devices (75%), and Internet of Things (IoT) device initiatives (75%), leading to increased risk and security incidents. However, around nine out of 10 respondents report that automating IT asset visibility could materially improve a variety of security operations.
“Collectively, these assets represent an attack surface that organizations must protect against an ever-expanding threat landscape used by adversaries to compromise infrastructure and carry out malicious activities,” said Dave Gruber, ESG senior analyst. “When IT and security teams lack visibility into any part of their attack surface, they lose the ability to meet security and operational objectives, putting the business at risk. In some cases, organizations were reporting 3.3 times more incidents caused by lack of visibility into IT assets.”
The report, titled “The Current State of the IT Asset Visibility Gap and Post-Pandemic Preparedness,” explores the impact that the pandemic has had on IT complexity and security, and explains the challenges that lie ahead. It also reveals how automating asset management can close visibility gaps caused by the rapid shift to remote work, IoT adoption, and accelerated digital transformation.
“This year’s survey once again reinforces that lack of visibility into assets is one of the most critical challenges facing every organization today. Building a comprehensive inventory remains a slow, arduous, often inadequate process, and as a result, more incidents are occurring,” said Dean Sysman, Axonius CEO. “However, automating cybersecurity asset management can dramatically improve security and compliance efforts. According to the study, eliminating visibility gaps results in a 50% reduction in end-user device security incidents.”
Organizations Plagued by Pandemic-Driven IT Complexity
More than 70% of respondents report that additional complexity in their environments has contributed to increasing visibility gaps. More than half cite the rapid shift to remote work and changes to technology infrastructure necessitated by security and privacy regulations as key reasons for this increased complexity.
Nearly 90% of respondents say that the pandemic has accelerated public cloud adoption. The study also reveals that the majority of organizations have suffered more than five cloud-related security incidents in the last year. Half of the respondents report visibility and management challenges with public cloud infrastructure, mostly associated with data spread across different tools, clouds, and infrastructure.
Participants also anticipate a 74% increase in remote workers, even after pandemic restrictions lift. This requires organizations to develop long-term operating and security plans for hybrid work environments so that IT and security teams do not remain blind to the personal networks and devices supporting remote employees.
Although organizations furloughed many IoT projects during the pandemic, they may not be prepared when these initiatives reignite. Only 34% report they have a strong strategy for maintaining IoT device visibility, while 62% report facing continued challenges with the variety of devices in use.
Remote Work Shifts Priorities and Resources
The rapid move to remote work motivated a significant change in bring-your-own-device (BYOD) policies for 94% of organizations. Pre-pandemic, close to half of the organizations surveyed prohibited using personal devices for corporate activities, but this number has fallen to 29% in this year’s study, adding new management and security challenges.
As device diversity increases, IT and security teams are putting more focus on identity and access management (IAM) solutions, with 65% reporting that IAM is more challenging. And security teams are facing increased workloads for investigations, with incidents on the rise.
Investment in Asset Management on the Rise
Organizations depend on an average of eight different tools to pull together asset inventories while reporting intensive, manual processes to pull together the data. On average, it takes more than two weeks to generate an asset inventory, utilizing a combination of tools that weren’t built for this task, including endpoint management and security tools, network access controls, network scanning, configuration and patch management, and vulnerability assessments.
With this kind of effort, nearly two-thirds (64%) report asset inventory as an event versus a process, only updating inventories monthly or quarterly. This cadence leaves significant visibility gaps in between, resulting in unmeasurable business risk, and takes away from other priority tasks, such as vulnerability assessments and improved threat investigations and response. Fortunately, realizing the critical importance, more than 80% report plans to increase investments this year to combat the problem.
For the study, ESG surveyed 500 information security and IT decision makers across North America, EMEA and APAC. Visit Axonius online to read the full report.
Axonius is the cybersecurity asset management platform that gives organizations a comprehensive asset inventory, uncovers security solution coverage gaps, and automatically validates and enforces security policies. By seamlessly integrating with over 300 security and management solutions, Axonius is deployed in minutes, improving cyber hygiene immediately. Covering millions of devices at Fortune 500 customers like The New York Times, Schneider Electric, and AB InBev, and earning prestigious accolades from CNBC and Forbes in recent years, Axonius has been cited as one of the fastest growing cybersecurity startups in history. For more, visit Axonius.com.