MORRISVILLE — The second annual State of Cyber Assets Report (SCAR) shows that security vulnerabilities have grown by 589% this year.
The report, released by Morrisville-based cyber asset management company JupiterOne, analyzed over 291 million assets, findings, and policies to determine the current state of enterprise cloud assets.
The report found that the number of assets organizations manage on average has increased by 133% year-over-year, from 165,000 in 2022 to 393,419 in 2023.
The number of security vulnerabilities has grown disproportionately, jumping up 589%.
In other words, the number of security vulnerabilities is growing rapidly, and not just because of new assets.
This finding could highlight the urgent need for robust cybersecurity measures to protect against potential cyberattacks.
“If the past year has taught us anything, it is the critical importance of security to the overall health of an organization and public safety,” said Jasmine Henry, Senior Director of Data Security and Privacy at JupiterOne and lead researcher on the report, in the press release. “Cybersecurity is no longer just a CISO issue; the CEO, the board of directors, and investors are all paying close attention.”
Most vulnerable asset: data
According to the report, data is the most vulnerable type of asset, accounting for nearly 60% of all security findings.
Organizations might manage different types of assets like cloud and physical environments of devices, networks, applications, users, and data. The report indicates that data is particularly vulnerable due to its importance to organizations and the sensitive nature of much of the data that they handle. (For example, data breaches can result in the loss of sensitive information, such as customer data or intellectual property, which can have serious consequences for the affected organization.)
The report also highlighted the challenges that security teams are facing, showing that, on average, a security team is responsible for 393,419 assets and attributes, 830,639 potential security risks, and 55,473 policies. This has led to security fatigue and staffing shortages in many organizations.
Sounil Yu, CISO and Head of Research at JupiterOne, said in the press release that security teams are fighting an “uphill battle.”
“One of the key takeaways for organizations should be the importance of eliminating artificial barriers for security teams in getting this visibility,” said Yu in the release. “CEOs and other executives should ask their security teams what policies or inter-team dynamics hinder them from accessing the visibility they need.”
For more from the report, visit the JupiterOne website.