A new report reveals security organizations experienced 133% year-over-year growth in cyber assets, resulting in increased security complexity and mounting pressure for cloud enterprises.
The second annual State of Cyber Assets Report (SCAR), recently released by JupiterOne, analyzed more than 291 million assets, findings and policies to establish the current state of enterprise cloud assets, including cloud and physical environments of devices, networks, apps, data and users.
The report states that cyber assets increased by 133 percent year-over-year, from an average of 165,000 in 2022 to 393,419 in 2023. Organizations also saw the number of security vulnerabilities, or unresolved findings, increase by 589 percent, indicating a snowball effect as the number of assets more than doubled. The number of security vulnerabilities did not grow in direct proportion to the number of assets which may be attributed to an actual increase in unresolved vulnerabilities and the adoption of new technologies for vulnerability identification.
Other report highlights:
- Unified cyber insight is crucial — The average security team correlates 8.67 security data sources for unified cyber insight. Unified cyber insights matter a lot if anyone wants to effectively defend the cloud-native attack surface. However, teams may struggle to make a case for data access to systems owned or administered by other teams.
- Cyber Assets are Business Assets —Understanding that the average asset is worth $17,711 in 2023 may not help security teams get enough budget. However, it is a start toward quantifying the value of cyber assets.
- The Modern Attack Surface is Distributed — Security practitioners are responsible for an average of 334 unique Cloud Service Provider (CSP) accounts in 2023 across all organizational sizes, or an average of 225 and 559 unique accounts at large and mid-sized organizations, respectively. Distributed cloud architecture methods create resiliency in the era of destructive ransomware attacks. But, the hyper-growth in distributed cloud architecture has introduced an unprecedented era of complexity for cybersecurity teams, who must contend with more assets, less standardization across CSPs, and the necessity of unified cyber insight.