Tenable 新調査: ブラジルにおける過去 2 年間のサイバー攻撃の 41% が成功

Tenable®, the Exposure Management company, has published a new study that sheds light on the challenges Brazilian cybersecurity and IT leaders face in protecting their increasingly complex and expanding attack. The report titled “Old Habits Die Hard: How People, Process and Technology Challenges Are Hurting Cybersecurity Teams in Brazil” reveals that in the last two years, the average organization’s cybersecurity program was prepared to preventively defend, or block, just 59% of the cyberattacks it encountered. This means 41% of attacks launched against them are successful and must be remediated after the fact. 

The study, based on a commissioned survey of 825 global cybersecurity and IT leaders, including 50 Brazilian respondents, conducted in 2023 by Forrester Consulting on behalf of Tenable, illuminates the people, process and technology challenges standing between modern cybersecurity and IT teams and effective risk reduction practices.

Nearly six in 10 (60%) respondents say they focus almost entirely on fighting successful attacks rather than working to prevent them in the first place. Cyber professionals cite that this reactive stance is largely due to their organizations' struggle to obtain an accurate picture of their attack surface, including visibility into unknown assets, cloud resources, code weaknesses and user entitlement systems.

The complexity of infrastructure — with its reliance on multiple cloud systems, numerous identity and privilege management tools and various web-facing assets — brings with it numerous opportunities for misconfigurations and overlooked assets. 

Respondents were particularly concerned with the risks associated with cloud infrastructure, given the complexity it introduces in trying to correlate user and system identities, access and entitlement data. The vast majority of respondents (78%)* view cloud infrastructure as the greatest source of exposure risk in their organization. In order, the highest perceived risks come from the use of public cloud (28%), multi cloud and/or hybrid cloud (28%), private cloud infrastructure (10%) and cloud container management tools (12%).

Additional findings from the study include:

• While most Brazilian respondents (66%) say they consider user identity and access privileges when they prioritize vulnerabilities for remediation, more than half (56%) say their organization lacks an effective way of integrating such data into their preventive cybersecurity and exposure management practices. 
• Nearly six in 10 respondents (54%) say a lack of data hygiene prevents them from drawing quality data from user privilege and access management systems, as well as from vulnerability management systems.
• Nearly three-quarters (72%) of respondents believe their organization would be more successful at defending against cyberattacks if it devoted more resources to preventive cybersecurity.
• On average, it takes 14 hours a month to create reports for business leaders about the health of organizational security infrastructure. 
• In a slight majority of Brazilian organizations (54%), meetings about business-critical systems take place monthly, while 22% hold such meetings only once per year and 4% say they never hold such meetings.

“Last year, Brazil was the country with the highest data volume exposed in the world. This underscores the urgency for organizations to embrace a proactive cybersecurity model. Mitigating an ongoing attack, when the damage is already done, is not only a drain on resources but a compelling reminder that prevention is paramount. As the adage goes, 'prevention is better than cure' and nowhere is this truer than in cybersecurity today,” said Arthur Capella, Country Manager of Tenable Brazil. “At Tenable Brazil we are committed to empowering organizations to fortify their defenses, reduce exposure, and foster a culture of cybersecurity resilience,” he added.

To read the full report with further results from the study, including how organizations can address these challenges and move from a reactive security posture to a preventive approach, please visit: tenable.com/analyst-research/how-people-process-and-technology-challenges-are-hurting-cybersecurity-teams-in-brazil 

A blog post with additional context on the study can be found here. 

注記:

• Forrester Consulting conducted an online survey of 825 IT and cybersecurity professionals at large enterprises in the U.S., the U.K., Germany, France, Australia, Mexico, India, Brazil, Japan and Saudi Arabia. この調査は 2023 年 3 月に行われました。
• Maturity Modeling: Respondents were scored based on their answers to questions measuring different aspects of their maturity: their use of preventive security tools, how they prioritize resources to reduce threat exposure, and the degree of visibility and collaboration within their organization. Forrester は、下位 20% の組織を「成熟度が低い」、中位 60% を「成熟度は中程度」、上位 20% の組織を「成熟度が高い」と評価しました。

注:Total percentage may not equal separate values due to rounding

Tenable について
Tenable® は、サイバーエクスポージャー管理ソリューションを提供します。世界中のおよそ 4 万 3000 の企業と組織がサイバーリスクを正確に把握して軽減するために Tenable を採用しています。Nessus® の開発元である Tenable は、脆弱性に対する専門性を基盤に、あらゆるコンピューティングプラットフォーム上のあらゆるデジタル資産を管理、保護できる世界初のプラットフォームを展開しました。Tenable は、フォーチュン 500 の約 6 割、およびグローバル 2000 の約 4 割の企業や、大規模な政府機関などで利用されています。 詳しくは jp. tenable.com をご覧ください。

###

Media Contact:
Tenable
[email protected]