Find out the top people, process and technology challenges hurting cybersecurity teams identified in a commissioned study by Forrester Consulting on behalf of Tenable.
Dive into six things that are top of mind for the week ending November 3.
A combination of people, process and technology challenges is getting in the way of organizations’ efforts to effectively reduce cyber risk, as the attack surface becomes larger and more complex.
That’s a key finding from a commissioned study of 825 global cybersecurity and IT leaders conducted in 2023 by Forrester Consulting on behalf of Tenable.
Specifically, in the last two years, the average organization preventively defended 57% of the cyberattacks it faced, and had to reactively mitigate the remaining 43% of attacks.
Here are other findings from the 24-page report based on the Forrester study, titled "Old Habits Die Hard: How People, Process and Technology Challenges Are Hurting Cybersecurity Teams":
The study points to the practices of high-maturity organizations as examples to follow. Specifically, the study found that in these organizations:
(Source: "Old Habits Die Hard: How People, Process and Technology Challenges Are Hurting Cybersecurity Teams", based on a commissioned study of 825 global cybersecurity and IT leaders conducted in 2023 by Forrester Consulting on behalf of Tenable.)
Here’s a small sampling of the study’s detailed recommendations for overcoming critical people, process and technology challenges:
Overall, the study recommends adopting an exposure management program to help cyber teams tame the complexity of the modern attack surface by bringing together vulnerability management, web application security, cloud security, identity security, attack path analysis and external attack surface management.
To get more details:
For more information about exposure management, check out these Tenable resources:
For cybersecurity leaders tracking the U.S. government’s evolving oversight of artificial intelligence, here’s a major development to check out. This week, the Biden administration issued an executive order outlining how it plans to maximize AI’s benefits while reducing its risks.
The “Executive Order on the Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence” mandates a variety of actions across multiple areas, including:
Of particular relevance to AI vendors, the executive order requires that AI system developers share safety test results with the U.S. government. They, along with organizations that use AI, will also be required to comply with stringent standards and tests that’ll be established by a variety of federal agencies.
“The Executive Order establishes new standards for AI safety and security, protects Americans’ privacy, advances equity and civil rights, stands up for consumers and workers, promotes innovation and competition, advances American leadership around the world, and more,” reads a White House fact sheet.
Later this week, the White House also announced the launch of the U.S. AI Safety Institute, which will be tasked with setting in motion NIST’s AI Risk Management Framework through the creation of tools, benchmarks and best practices.
To get more details, check out:
For more information about the U.S. government’s initiatives to address AI risks:
And speaking of the safety and trustworthiness of AI, it looks like the major AI vendors are failing at transparency. At least, that’s the conclusion of a Stanford University study.
Its main takeaway: Visibility into the inner workings of the most popular generative AI tools is, well, murky and getting more opaque – and that’s not good.
“Reversing this trend is essential: transparency is a vital precondition for public accountability, scientific innovation, and effective governance,” reads the study “The Foundation Model Transparency Index,” which is also the name of the scoring system used.
The study rates the transparency of 10 major foundation model companies using 100 criteria. The researchers, a team from Stanford, MIT and Princeton, find the results disappointing, with a mean score of only 37%.
“No major foundation model developer is close to providing adequate transparency, revealing a fundamental lack of transparency in the AI industry,” reads a study highlights page.
To get more details, check out:
There are 5.5 million people employed in cybersecurity worldwide in 2023, an 8.7% increase from 2022, according to the 2023 ISC2 Cybersecurity Workforce Study. Yet, demand for skilled workers has reached a record high, according to the study — which surveyed 14,864 cyber pros worldwide. The vast majority of respondents (92%) report skills gaps at their organization, and the report estimates 4 million professionals are needed worldwide to adequately safeguard digital assets.
Source: 2023 ISC2 Cybersecurity Workforce Study
The top three skills in shortest supply are:
In fact, 47% of respondents see cloud computing security as the most sought-after skill for career advancement.
AI is a source of anxiety for many respondents:
Source: 2023 ISC2 Cybersecurity Workforce Study
The study also discusses how the current economic climate is impacting staffing, provides data on the benefits of diversity, equity and inclusion (DEI) and offers insights into the value of certifications.
The report includes the following recommendations for organizations looking to bridge the skills gap:
To get more details:
The International Counter Ransomware Initiative (CRI) — which includes 48 countries as well as the European Union and INTERPOL — will be developing its first-ever joint policy statement declaring that member governments should not pay ransoms.
The joint policy statement is one of several initiatives emerging from the group’s third annual summit, held in Washington, D.C., Oct. 31 – Nov. 1. Other efforts will include:
To get more details on the initiative, check out:
To learn more about the program, take a look at:
MITRE ATT&CK v14, released on Oct. 31, offers enhanced detection guidance for many techniques, expanded scope on Enterprise and Mobile, and new Assets in industrial control systems (ICS), according to the organization’s blog post on Medium.
Areas of focus for this release include:
The organization has also refined the navigation bar of its ATT&CK website, with a single dynamic menu display and access to secondary links in associated dropdown menus. And, as always, MITRE welcomes your input. You can email [email protected] or reach out via Twitter or Slack.
To get more details on MITRE ATT&CK v14:
Juan has been writing about IT since the mid-1990s, first as a reporter and editor, and now as a content marketer. He spent the bulk of his journalism career at International Data Group’s IDG News Service, a tech news wire service where he held various positions over the years, including Senior Editor and News Editor. His content marketing journey began at Qualys, with stops at Moogsoft and JFrog. As a content marketer, he's helped plan, write and edit the whole gamut of content assets, including blog posts, case studies, e-books, product briefs and white papers, while supporting a wide variety of teams, including product marketing, demand generation, corporate communications, and events.