3 Security Gaps You Don’t Know You Have
29 Dec
All too often, organizations overestimate their security posture, assuming they are better protected against potential attacks than they truly are. One 2023 IT risk report found that 88% of IT decision-makers were confident in their organization’s readiness for cyber-disruption. Nearly two-thirds said they believed they were ahead of other organizations! Overconfidence can itself be a hidden threat.
Indeed, a false sense of security can leave critical gaps unaddressed. In particular, three commonly overlooked security gaps include the inadequate coverage of MITRE ATT&CK techniques, the under-utilization of multi-factor authentication (MFA), and deficiencies in patch management. Closing these gaps is vital for maintaining robust defenses, as they often go unnoticed or unrecognized and leave organizations exposed to cyber threats.
SIEMs and MITRE ATT&CK Tactics
A SIEM detection risk report released in June 2024 found that SIEMs typically cover only 19% of MITRE ATT&CK techniques, or 38 out of the 201 techniques in the MITRE ATT&CK v14 framework, a knowledge base of adversary tactics and techniques based on real-world observations. That low coverage rate persists even though the average organization already has the log data needed to cover 87% of the techniques.
In other words, a significant portion of potential attack vectors goes undetected at many organizations. Worse, the same report reveals that 43% of organizations report having more than one SIEM, which can introduce complications that make it harder to detect and respond to cyber-attacks. “While there are certain use cases where having multiple SIEM tools could be beneficial (i.e. cost savings by sending a bulk of data to a less expensive SIEM and then forwarding the most important data to a more robust and expensive SIEM), it can also lead to a concern of complexity,” Adam Neel, Senior Threat Detection Engineer at Critical Start, told Security Magazine in response to the report.
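The gap described above is measurable: compare the techniques your detection rules actually tag against the techniques your available log sources could support. The following is an added example, not code from the report or from PSL; the rules, the technique-to-log-source map and the available sources are all constructed stand-ins for an organization's real rule set and ATT&CK data.

```python
# Constructed Sigma-style detection rules: each carries ATT&CK tags (attack.tXXXX).
RULES = [
    {"title": "PowerShell encoded command", "tags": ["attack.t1059.001", "attack.execution"]},
    {"title": "Suspicious scheduled task", "tags": ["attack.t1053.005"]},
    {"title": "Office app spawning a shell", "tags": ["attack.t1566.001", "attack.t1059"]},
    {"title": "Many failed logons from one host", "tags": ["attack.t1110"]},
]

# Constructed technique -> log source needed to detect it (a small stand-in for the full matrix).
TECHNIQUE_SOURCES = {
    "T1059": "process_creation", "T1053": "process_creation", "T1566": "email_gateway",
    "T1110": "authentication", "T1078": "authentication", "T1021": "network_connection",
    "T1003": "process_access", "T1486": "file_event",
}

# Constructed set of log sources the SIEM is actually ingesting.
AVAILABLE_SOURCES = {"process_creation", "authentication", "email_gateway", "file_event"}


def technique_id(tag):
    """Map 'attack.t1059.001' to its parent technique 'T1059'.

    Sub-techniques roll up to the parent; tactic tags ('attack.execution')
    and non-technique tags return None so they are not counted as coverage.
    """
    name = tag.split(".", 1)[1] if tag.startswith("attack.") else tag
    if not (name.startswith("t") and name[1:5].isdigit()):
        return None
    return name[:5].upper()


def coverage(rules, technique_sources, available):
    """Return detected vs. achievable coverage and the two kinds of gap."""
    detected = {t for r in rules for t in map(technique_id, r["tags"]) if t}
    detected &= set(technique_sources)  # ignore tags outside the technique map
    achievable = {t for t, src in technique_sources.items() if src in available}
    total = len(technique_sources)
    return {
        "detected_pct": round(100 * len(detected) / total, 1),
        "achievable_pct": round(100 * len(achievable) / total, 1),
        # Techniques the existing telemetry could detect but no rule covers.
        "gap": sorted(achievable - detected),
        # Techniques that cannot be covered until a new log source is onboarded.
        "needs_new_source": sorted(set(technique_sources) - achievable),
    }


if __name__ == "__main__":
    print(coverage(RULES, TECHNIQUE_SOURCES, AVAILABLE_SOURCES))
```

With the constructed data, 50% of techniques are detected while 75% are achievable, so the "gap" list is where writing new rules pays off first and "needs_new_source" is where log onboarding is the prerequisite.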
Multi-Factor Authentication (MFA)
MFA is a powerful (albeit imperfect) security control that requires users to verify their identity with two or more independent factors: something they know (a password), something they have (a security token), and/or something they are (biometric verification). According to Microsoft, MFA can block up to 99.9% of certain kinds of attacks, such as fraudulent account sign-ins. Thanks to that efficacy, adoption has skyrocketed…sort of.
CSO Online reports, “Despite heavy adoption, MFA was found to have lighter organization-wide deployments, which can lead to credential compromises, rendering the partial adoption counterproductive. The average company had 40.26% of accounts with either no MFA or a weak MFA.” In other words, the absence of MFA requirements across an entire organization is a profound security gap that many organizations underestimate or overlook, and it leaves them unnecessarily exposed to otherwise preventable attacks.
Inadequate Patch Management
One of the most important security initiatives at any organization is keeping all systems current with newly released security updates. Unfortunately, many firms lag in this regard. According to a Ponemon Institute report, 42% of organizations that experienced a data breach had known but unapplied security patches.
Patch management is often an overlooked security risk because it is a complex and continuous process of identifying, testing, and deploying updates to software and systems. Resource constraints, a lack of automated tooling, and the operational disruption that patching can cause all lead to delays or neglect in applying critical updates. That neglect leaves vulnerabilities unpatched, making systems susceptible to exploitation by cybercriminals who actively seek out and target known weaknesses. Consequently, failing to maintain an effective patch management strategy exposes organizations to significant risk of data breaches and operational disruption.
About PSL
PSL is a global outsource provider whose mission is to provide solutions that facilitate the movement of business-critical information between and among government agencies, business enterprises, and their partners. For more information, please visit or email info@penielsolutions.com.