ArrowArrow

Ponemon Institute Releases New Report on the State of Security Testing

December 2, 2020

A newly released survey conducted by the Ponemon Institute, a world-renowned independent research organization, quantifies the impact of threat and business evolutions on a company’s security posture.


According to a new Ponemon survey, 78% of companies Do NOT have high confidence in their security controls. 

New York, New York and Rishon Letzion, Israel, December 2nd , 2020 – A newly released survey conducted by the Ponemon Institute, a world-renowned independent research organization, quantifies the impact of threat and business evolutions on a company’s security posture. 60% of companies make changes daily or weekly to their security controls and 67% say that it is important to validate that changes applied to the security controls have not created security gaps. Nevertheless 43% of companies do not test their security controls or only when an incident occurs, and an additional 14% test less than once a year. In contrast 38% of companies that are vigilant in testing were more confident in the effectiveness of their security controls.

The survey also found that in response to the Covid-19 pandemic and transition to support working from home 62% of companies acquired new security technologies and 59% had to relax some of their security policies, and yet only 38% actually tested the security that protected the new attack paths created by employees working from home.

The State of Breach and Attack Simulation and the Need for Continuous Security Validation report underscores the need for security leaders to continuously assess their security performance in the face of the exponential growth of threats and business evolutions.

The survey, commissioned by Cymulate, measured responses from 1,016 IT and IT security practitioners in the United States and United Kingdom who are familiar with their organizations’ testing and evaluation of security controls.

“It is clear from the report that security experts see the need for continuous security validation. Given that the primary methodology for security testing is limited in scope, manual and a lengthy process, it does not meet the pace of new threats and business driven IT change. It comes as no surprise that threat actors are free to exploit remote access, remote desktop, and virtual desktop vulnerabilities, as companies expanded the use of these technologies without security validation, to support employees working from home.” Said Eyal Wachsman, Co-Founder and CEO at Cymulate. He goes on to say that Cymulate changes the paradigm of security testing by enabling all skill levels to challenge and assess their security from a SaaS-based platform, based on automated, life-like attacks in production environments with out of the box templates and also ability to customize attacks for the more advanced blue and red teams.

For more information register to the webinar here.

About Ponemon
Ponemon Institute was founded in 2002 by Dr. Larry Ponemon and Susan Jayson. The Institute is dedicated to independent research and education that advances the responsible use of information and privacy management practices within business and government. Our mission is to conduct high quality, empirical studies on critical issues affecting the security of information assets and the IT infrastructure.

 

About Cymulate
Cymulate SaaS-based Continuous Security Validation makes it simple to measure and improve your security posture across the full attack kill-chain. Every assessment is scored and includes actionable remediation guidance to mitigate risk and optimize security control effectiveness. Cymulate enables you to take data-driven decisions and manage your security resources efficiently. For more information, visit www.cymulate.com.

Contact for Cymulate:
Levona Simha, Marketing Director at Cymulate
[email protected]
+972 523 536638