Checkmate on 94% of critical assets in just four moves

Issue 2 2022 News & Events

XM Cyber, a hybrid cloud security company, announced findings from its first annual Impact Report. Attack Path Management Impact Report: 2021 Year in Review incorporates insights from nearly two million endpoints, files, folders and cloud resources throughout 2021. The XM research team analysed the methods, attack paths and impacts of attack techniques that imperil critical assets across on-premises, multi-cloud and hybrid environments and developed tips for thwarting them.

Today’s security tools enable organisations to detect all kinds of misconfigurations, vulnerabilities and other security gaps. However, they fail to show how these seemingly unrelated issues form hidden attack paths that hackers can use to pivot through a hybrid cloud environment and compromise critical assets.

XM’s Impact Report takes the attackers’ perspective to show how, once they get a foothold in the network, they can easily move towards critical business assets. The report was enabled by the company’s namesake attack path management platform, which allows users to see all of the ways that hackers can leverage attack paths across cloud and on-premises environments, aiding mitigation and prevention efforts.

Key insights include:

• 94% of critical assets can be compromised within four steps of the initial breach point.

• On average, 75% of an organisation’s critical assets can be compromised in their current security state.

• 73% of the top attack techniques involve mismanaged or stolen credentials.

• 95% of organisational users have long-term access keys attached to them that can be exposed.

• 78% of businesses are open to compromise every time a new Remote Code Execution (RCE) technique is found.

• The main attack vectors in the cloud are misconfigurations and overly permissive access.

• By knowing where to disrupt attack paths, organisations can reduce 80% of issues that would otherwise have taken up security resources.

An attack path is a chain of attack vectors (vulnerabilities, misconfigurations, user privileges, human errors, etc.) that a hacker can use to move laterally through the network. Hybrid cloud computing architecture is especially vulnerable as attackers can exploit security gaps to obtain a foothold in the network and then move laterally between on-premises and cloud applications. XM Cyber’s report outlines the security gaps and hygiene issues that exist in multiple attack paths across on-premises and cloud environments, demonstrating the importance of risk visibility across the entire network.

“Modern organisations are investing in more and more platforms, apps and other tech tools to accelerate their business, but they too often fail to realise that the interconnection between all these technologies poses a significant risk,” said Zur Ulianitzky, head of research, XM Cyber. “When siloed teams are responsible for different components of security within the network, nobody sees the full picture. One team may ignore a seemingly small risk, not realising that in the big picture it’s a stepping stone in a hidden attack path to a critical asset. To keep pace with today’s technology and business demands, attack path remediation must be prioritised.”

Highlights of the report include:

• Methodology and synopsis of the attack path.

• The top attack techniques used to compromise critical assets in 2021.

• New attack techniques used in 2021.

• Cross-platform attack insights.

• Key findings across on-prem and cloud.

To download the XM Cyber Research Impact Report, visit https://info.xmcyber.com/2022-attack-path-management-impact-report or use the short link: www.securitysa.com/*xm1




Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

Highest increase in global cyberattacks in two years
Information Security News & Events
Check Point Global Research released new data on Q2 2024 cyber-attack trends, noting a 30% global increase in Q2 2024, with Africa experiencing the highest average weekly per organisation.

Read more...
The power of PKI and private sector innovation
Access Control & Identity Management News & Events Government and Parastatal (Industry)
At the recent ID4Africa 2025 Summit in Addis Ababa, the spotlight was firmly on building secure, inclusive, and scalable digital identity ecosystems for the African continent.

Read more...
Bosch Security renamed Keenfinity
News & Events
Globally renowned brands for video systems, access control and intrusion alarm systems, as well as communication systems, unite under the roof of the new company Keenfinity Group.

Read more...
2025 video surveillance market set for improved fortunes
News & Events Surveillance
Novaira Insights has unveiled its latest report, World Market for Video Surveillance Hardware and Software – 2025 Edition, forecasting a healthy growth rate of 8,1% until 2029, excluding China.

Read more...
Wialon announces integration with fleet maintenance and optimisation platform
News & Events Transport (Industry) Logistics (Industry)
Fleet management software platform integrates with a fleet maintenance and optimisation platform to support mutual customers for better workflows and deeper insights into fleet operations.

Read more...
DeepSneak deception
Information Security News & Events
Kaspersky Global Research & Analysis researchers have discovered a new malicious campaign which is distributing a Trojan through a fake DeepSeek-R1 Large Language Model (LLM) app for PCs.

Read more...
Almost 50% of companies choose to pay the ransom
News & Events Information Security
This year’s Sophos State of Ransomware 2025 report found that nearly 50% of companies paid the ransom to get their data back, the second-highest rate of ransom payment for ransom demands in six years.

Read more...
Value and industry insight
Securex South Africa Training & Education News & Events
Securex South Africa 2025, co-located with A-OSH EXPO, Facilities Management Expo, and Firexpo, drew thousands of security professionals from across the continent and beyond, offering a platform for networking, product discovery, and knowledge sharing.

Read more...
Gallagher Security achieves ISO 27001 recertification
News & Events Training & Education
Gallagher Security has successfully achieved certification to the updated ISO/IEC 27001:2022 standard for Information Security Management Systems (ISMS). This accomplishment builds on previous certifications and reflects a continued commitment to the highest standards of information security.

Read more...
Survey highlights cost of cyberdamage to industrial companies
Kaspersky Information Security News & Events
The majority of industrial organisations estimate their financial losses caused by cyberattacks to be over $1 million, while almost one in four report losses exceeding $5 million, and for some, it surpasses $10 million.

Read more...










While every effort has been made to ensure the accuracy of the information contained herein, the publisher and its agents cannot be held responsible for any errors contained, or any loss incurred as a result. Articles published do not necessarily reflect the views of the publishers. The editor reserves the right to alter or cut copy. Articles submitted are deemed to have been cleared for publication. Advertisements and company contact details are published as provided by the advertiser. Technews Publishing (Pty) Ltd cannot be held responsible for the accuracy or veracity of supplied material.




© Technews Publishing (Pty) Ltd. | All Rights Reserved.