Events , Fraud Management & Cybercrime , Ransomware

2023 Is the Year of Exposure Management

Cyentia Institute Partner Wade Baker Shares Insights on Exposure Management
Wade Baker, partner and co-founder, Cyentia Institute

2023 is the year of exposure, said Cyentia Institute's Wade Baker. Exposure dominated Cyentia research this year, and many breaches were linked to mistakes in vulnerability management and poorly managed identities. CISOs are under the misconception that vulnerability management, one of the older domains of security, is a "problem solved."

See Also: Every Second Counts: 6-Step Ransomware Remediation Guide

But a lot of organizations are struggling with prioritizing hardware and software vulnerabilities. Cyentia's research shows that the typical organization patches only about 10% to 15% of the vulnerabilities that exist in their environment in any given month. About 85% to 90% of vulnerabilities go unpatched. "CISOs need to know that and figure out that if we can't patch all vulnerabilities, how do we narrow down the list and fix the ones that matter?" Baker says.

"If you look at vulnerabilities, everyone has them, but which ones are going to be exploited? For instance, if a vulnerability has exploit code available, proof-of-concept code, there's evidence that attackers are interested in exploiting that vulnerability," Baker said. "That increases the likelihood that it will be exploited for a malicious purpose by a lot. So you have to pay attention to any kind of information or intelligence."

In this video interview with Information Security Media Group at RSA Conference 2023, Baker discusses:

  • Takeaways for CISOs from Cyentia research on exposure management;
  • The techniques and tactics adversaries are using;
  • Where CISOs are struggling with managing identities.

Baker is co-founder of Cyentia Institute, which focuses on improving cybersecurity knowledge and practice through data-driven research. He also is a professor at Virginia Tech's College of Business, working to prepare the next generation of industry leaders.

About the Author

Anna Delaney

Anna Delaney

Director, Productions, ISMG

An experienced broadcast journalist, Delaney conducts interviews with senior cybersecurity leaders around the world. Previously, she was editor-in-chief of the website for The European Information Security Summit, or TEISS. Earlier, she worked at Levant TV and Resonance FM and served as a researcher at the BBC and ITV in their documentary and factual TV departments.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.