Checkmate on 94% of critical assets in just four moves

Issue 2 2022 News & Events

XM Cyber, a hybrid cloud security company, announced findings from its first annual Impact Report. Attack Path Management Impact Report: 2021 Year in Review incorporates insights from nearly two million endpoints, files, folders and cloud resources throughout 2021. The XM research team analysed the methods, attack paths and impacts of attack techniques that imperil critical assets across on-premises, multi-cloud and hybrid environments and developed tips for thwarting them.

Today’s security tools enable organisations to detect all kinds of misconfigurations, vulnerabilities and other security gaps. However, they fail to show how these seemingly unrelated issues form hidden attack paths that hackers can use to pivot through a hybrid cloud environment and compromise critical assets.

XM’s Impact Report takes the attackers’ perspective to show how, once they get a foothold in the network, they can easily move towards critical business assets. The report was enabled by the company’s namesake attack path management platform, which allows users to see all of the ways that hackers can leverage attack paths across cloud and on-premises environments, aiding mitigation and prevention efforts.

Key insights include:

• 94% of critical assets can be compromised within four steps of the initial breach point.

• On average, 75% of an organisation’s critical assets can be compromised in their current security state.

• 73% of the top attack techniques involve mismanaged or stolen credentials.

• 95% of organisational users have long-term access keys attached to them that can be exposed.

• 78% of businesses are open to compromise every time a new Remote Code Execution (RCE) technique is found.

• The main attack vectors in the cloud are misconfigurations and overly permissive access.

• By knowing where to disrupt attack paths, organisations can reduce 80% of issues that would otherwise have taken up security resources.

An attack path is a chain of attack vectors (vulnerabilities, misconfigurations, user privileges, human errors, etc.) that a hacker can use to move laterally through the network. Hybrid cloud computing architecture is especially vulnerable as attackers can exploit security gaps to obtain a foothold in the network and then move laterally between on-premises and cloud applications. XM Cyber’s report outlines the security gaps and hygiene issues that exist in multiple attack paths across on-premises and cloud environments, demonstrating the importance of risk visibility across the entire network.

“Modern organisations are investing in more and more platforms, apps and other tech tools to accelerate their business, but they too often fail to realise that the interconnection between all these technologies poses a significant risk,” said Zur Ulianitzky, head of research, XM Cyber. “When siloed teams are responsible for different components of security within the network, nobody sees the full picture. One team may ignore a seemingly small risk, not realising that in the big picture it’s a stepping stone in a hidden attack path to a critical asset. To keep pace with today’s technology and business demands, attack path remediation must be prioritised.”

Highlights of the report include:

• Methodology and synopsis of the attack path.

• The top attack techniques used to compromise critical assets in 2021.

• New attack techniques used in 2021.

• Cross-platform attack insights.

• Key findings across on-prem and cloud.

To download the XM Cyber Research Impact Report, visit or use the short link:*xm1

Share this article:
Share via emailShare via LinkedInPrint this page

Further reading:

Pentagon appointed as Milestone distributor
Elvey Security Technologies News & Events Surveillance
Milestone Systems appointed Pentagon Distribution (an Elvey Group company within the Hudaco Group of Companies) as a distributor. XProtect’s open architecture means no lock-in and the ability to customise the connected video solution that will accomplish the job.

From the editor's desk: Securing your secure access
Technews Publishing News & Events
      Welcome to SMART Security Solutions’ first print publication of the year, the SMART Access & Identity Handbook 2024. In this issue, we cover various issues relevant to this industry, from digital to ...

International access manufacturer sets up shop in SA
Technews Publishing Access Control & Identity Management News & Events Products & Solutions
The South African security market can always use some good news, and this year, STid has obliged by formally entering the South African market, setting up its main office in the Boomgate Experience Centre in Roodepoort, Johannesburg.

Re-introduction of the booking system
PSiRA (Private Security Ind. Regulatory Authority) News & Events
[Sponsored] PSiRA is reintroducing the booking system for branch visits. Effective Monday, 4 December 2023, clients will be required to book a slot to visit any PSiRA branch.

From the editor's desk: A sad but exciting goodbye
Technews Publishing News & Events
Welcome to the final monthly issue of SMART Security Solutions. This is the last issue of the year and the last monthly issue we will print. The SMART Security Solutions team wishes all our readers and advertisers a relaxing festive season and a peaceful and prosperous 2024.

Regal celebrates successful golf day
Regal Distributors SA News & Events
Regal Distributors held its first official Regal Golf Day on 18 October at the Glendower Golf Course in Johannesburg. SMART Security Solutions was there on a hot summer’s day to meet many players and sponsors around the course.

Gallagher Security releases Command Centre v9
Gallagher News & Events Access Control & Identity Management Integrated Solutions
Richer features, greater integrations, with the release of Gallagher Security’s Command Centre v9 security site management software designed to integrate seamlessly with various systems and hardware.

Regal launches direct-to-branch WhatsApp communication
Regal Distributors SA News & Events
With a quick scan of a QR code and a few taps on your phone, installers, integrators, technicians or even end-users can chat directly with the team at their preferred Regal branch via WhatsApp

FM Expo highlights industry trends and challenges
Securex South Africa News & Events Facilities & Building Management
Keeping tabs on what is happening within the building/facilities management arena can be frustrating, however, a quick way to find out what current trends, challenges, and solutions are available can be found at the Facilities Management Expo.

South Africa shows a 1200% increase in deepfake fraud
News & Events Risk Management & Resilience
Sumsub released its third annual Identity Fraud Report of the year, analysing identity fraud across industries and regions based on millions of verification checks across 28 industries and over 2 million fraud cases.