Checkmate on 94% of critical assets in just four moves

Issue 2 2022 News

XM Cyber, a hybrid cloud security company, announced findings from its first annual Impact Report. Attack Path Management Impact Report: 2021 Year in Review incorporates insights from nearly two million endpoints, files, folders and cloud resources throughout 2021. The XM research team analysed the methods, attack paths and impacts of attack techniques that imperil critical assets across on-premises, multi-cloud and hybrid environments and developed tips for thwarting them.

Today’s security tools enable organisations to detect all kinds of misconfigurations, vulnerabilities and other security gaps. However, they fail to show how these seemingly unrelated issues form hidden attack paths that hackers can use to pivot through a hybrid cloud environment and compromise critical assets.

XM’s Impact Report takes the attackers’ perspective to show how, once they get a foothold in the network, they can easily move towards critical business assets. The report was enabled by the company’s namesake attack path management platform, which allows users to see all of the ways that hackers can leverage attack paths across cloud and on-premises environments, aiding mitigation and prevention efforts.

Key insights include:

• 94% of critical assets can be compromised within four steps of the initial breach point.

• On average, 75% of an organisation’s critical assets can be compromised in their current security state.

• 73% of the top attack techniques involve mismanaged or stolen credentials.

• 95% of organisational users have long-term access keys attached to them that can be exposed.

• 78% of businesses are open to compromise every time a new Remote Code Execution (RCE) technique is found.

• The main attack vectors in the cloud are misconfigurations and overly permissive access.

• By knowing where to disrupt attack paths, organisations can reduce 80% of issues that would otherwise have taken up security resources.

An attack path is a chain of attack vectors (vulnerabilities, misconfigurations, user privileges, human errors, etc.) that a hacker can use to move laterally through the network. Hybrid cloud computing architecture is especially vulnerable as attackers can exploit security gaps to obtain a foothold in the network and then move laterally between on-premises and cloud applications. XM Cyber’s report outlines the security gaps and hygiene issues that exist in multiple attack paths across on-premises and cloud environments, demonstrating the importance of risk visibility across the entire network.

“Modern organisations are investing in more and more platforms, apps and other tech tools to accelerate their business, but they too often fail to realise that the interconnection between all these technologies poses a significant risk,” said Zur Ulianitzky, head of research, XM Cyber. “When siloed teams are responsible for different components of security within the network, nobody sees the full picture. One team may ignore a seemingly small risk, not realising that in the big picture it’s a stepping stone in a hidden attack path to a critical asset. To keep pace with today’s technology and business demands, attack path remediation must be prioritised.”

Highlights of the report include:

• Methodology and synopsis of the attack path.

• The top attack techniques used to compromise critical assets in 2021.

• New attack techniques used in 2021.

• Cross-platform attack insights.

• Key findings across on-prem and cloud.

To download the XM Cyber Research Impact Report, visit or use the short link:*xm1

Share this article:
Share via emailShare via LinkedInPrint this page

Further reading:

UJ and Schneider Electric launch 4IR Experience Room
Schneider Electric and the University of Johannesburg (UJ) Faculty of Engineering and Built Environment (FEBE) have officially unveiled the 4IR Experience Room, a first for UJ and situated at the university’s Auckland Park Campus.

SafeCity Guarding rolls out across 14 suburbs in Johannesburg
News Security Services & Risk Management
In a major drive to provide communities across Johannesburg with additional safety, Vumacam, in partnership with Fidelity ADT and other security providers across the region, rolled out the innovative SafeCity Guarding initiative in 14 suburbs.

Providing an interactive branding platform
Securex South Africa News Conferences & Events
Now in its 30th year of providing security technology and services providers with a platform for increasing their brand exposure, Securex South Africa will be held at the Gallagher Convention Centre in Midrand, from the 6th to 8th June 2023.

ALX sponsored learning programmes for 2023
Training & Education News
With a mission to harness Africa's abundant human capital by developing two million ethical and entrepreneurial young leaders from the continent by 2030, ALX has launched four fully sponsored (at no cost) tech programmes for 2023.

LockBit ransomware gang most apt to leak stolen victim data
Trellix has released The Threat Report: February 2023 from its Advanced Research Centre, combining telemetry collected from the world’s largest network of endpoint protection installs and its complete XDR product line with data gathered from open- and closed-source intelligence reports.

Schneider Electric is looking for your bold idea
Schneider Electric has launched this year’s Schneider Go Green, an annual competition that invites university students from across the globe to share their ideas for innovations that can help make the world cleaner, more inclusive, and more sustainable.

Paxton Introduces new rewards programme to South African installers
Paxton News
Paxton has launched Paxton Rewards, offering the first opportunity for installers in South Africa to earn rewards by participating in training, installing Paxton solutions, and completing activities or achievements. The programme is available via the Paxton Installer app.

Keeping students, staff and communities safe
Vumacam News CCTV, Surveillance & Remote Monitoring Security Services & Risk Management
South African schools are facing increasing security challenges, making effective surveillance systems more important than ever. To address this issue, Vumacam is offering advanced security solutions with security partners, aimed at keeping students, staff, and the community safe.

Arcules and IMMIX announce integration
News CCTV, Surveillance & Remote Monitoring Products
Arcules has announced that its integration with Immix Central Station and Guard Force is available. The integration provides Central Station and Guard Force users a way to manage, verify, and respond to security events, while using Arcules-managed video feeds.

From the editor's desk: Drive to survive
Technews Publishing News
Nobody is surprised by the horrible driving habits of many people on South Africa’s roads. Lack of policing, except when collecting money, and the related overall acceptance and encouragement by government ...