Three-quarters of security vulnerabilities pose hardly any risk. The real danger comes from a very small number of vulnerabilities, especially those where attack paths converge at points leading to important business assets.
This is stated by security vendor XM Cyber in a recent survey. XM Cyber states that most vulnerabilities produce attack paths that “dead-end” at some point.
Only two percent of the vulnerabilities found enable truly dangerous attack paths. These include security vulnerabilities that enable attack paths to so-called choke points. These are points within the infrastructure that provide access to multiple critical systems.
Focus on real vulnerabilities
Given the large number of security alerts at companies due to the many software solutions -11,000 per month for an average company and up to 250,000 for a large company – a more efficient security policy is needed. XM Cyber urges companies to focus only on the two percent of truly critical attack paths, rather than all of them. The vast majority have minimal impact, according to the security vendor.
Other conclusions include that 71 percent of companies have vulnerabilities in on-prem networks that can affect critical cloud-based systems. A majority also suffer from attacks on passwords and permissions. The latter attack paths are also quite often overlooked, XM Cyber says.
Tip: Noname Security gives API Security Platform more features