Pentera’s 2024 Report Uncovers Hundreds of Weekly Security Events, Emphasizing the Importance of Continuous Validation

Cybersecurity Breaches Continue to Rise Despite Increased Protections

In an alarming trend, recent findings indicate that over 51% of organizations have fallen victim to cyberattacks in the past two years. Despite deploying an average of 53 distinct security solutions, the effectiveness of these measures remains questionable. These insights are drawn from a new study conducted by Pentera in collaboration with Global Surveyz Research, which surveyed 450 security executives across North America, LATAM, APAC, and EMEA.

The report highlights significant operational disruptions caused by these breaches, including unplanned downtime, data exposure, and financial losses, affecting nearly half of the respondents. Notably, only 7% of enterprises reported that they managed to avoid significant consequences. Such statistics underscore the critical nature of maintaining robust cybersecurity defenses.

As the threat landscape evolves, many organizations struggle to keep pace with the rapid changes in their IT environments. The report emphasizes that there is a disparity between the frequency of these changes—73% of organizations implement quarterly updates—and the cadence of security testing, with only 40% conducting penetration tests at the same rate. This gap potentially leaves critical digital assets vulnerable for extended periods.

Cybersecurity leaders are increasingly aware of the importance of communication, particularly regarding the sharing of penetration testing outcomes with their boards of directors. Over half of the chief information security officers (CISOs) now present these findings to executive teams, reflecting a heightened awareness of cybersecurity’s strategic significance. Additionally, 31% of CISOs share pentesting results with customers, fostering transparency and trust in a climate where third-party risks are a growing concern.

The report identifies a persistent issue with the management of security incidents. With more than 60% of surveyed enterprises reporting at least 500 incidents requiring remediation weekly, the challenge of prioritizing these events becomes paramount. Security teams must navigate the complexities of vulnerabilities, their compensating controls, and the data at stake to maintain the organization’s security posture.

Organizations are investing heavily in cybersecurity, allocating an average of $164,400 to manual pentesting, yet this represents only 12.9% of annual IT security budgets. Given that many firms conduct pentests biannually at most, there is a pressing need for solutions that offer continuous security assessments to support a more resilient IT environment.

In the context of the MITRE ATT&CK framework, various tactics and techniques potentially employed in these cyber incidents include initial access—possibly through spear phishing or exploitation of public-facing applications—followed by persistence mechanisms such as credential dumping or backdoor installations. These methods underscore the sophistication of adversaries and the persistent nature of modern cyber threats.

As organizations continue to grapple with rising threats, the findings from the 2024 State of Pentesting Survey serve as a clarion call for reevaluating cybersecurity practices. The insights gleaned point to an urgent need for continuous validation of security measures in light of evolving risks.

To explore these findings further, business owners are encouraged to participate in an upcoming webinar hosted by Pentera, focusing on effective management strategies for cybersecurity risks and improved communication with leadership. Additionally, detailed reports on the state of pentesting practices can be accessed through Pentera’s official channels, offering deeper insights into the current cybersecurity landscape.
