53% of European companies blame cyberattacks on unknown assets

A new poll by MIT Technology Review Insights, in association with Palo Alto Networks, underscores the cybersecurity struggles countries in Europe, the Middle East, and Africa have with outdated software and tools. When the pandemic forced employers to support remote work, these infrastructure security shortfalls became all too apparent.

In this new cybersecurity landscape, conducting a full inventory of internet-connected digital assets—from laptops to cloud applications—and rebooting cybersecurity policies for today’s modern remote work environment is essential to mitigate risks. If vulnerabilities aren’t managed quickly, the door is open for bad actors to exploit the weakness.

Report highlights include:

  • Cyberattacks are commonplace: Cloud migration and remote work can expose an attack surface to increased cybersecurity risks. The majority (53%) of respondents in Europe and 35% of companies in the Middle East and Africa say they have experienced a cybersecurity attack originating from an unknown, unmanaged, or poorly managed digital asset.
  • Cloud environments dominate: Fifty-three percent of poll respondents in Europe, and 48% of those in the Middle East and Africa, report that more than half of their assets are in the cloud.
  • Asset monitoring is essential: Long gone are the days when companies could take an ad hoc approach to identifying security risks. It’s become clear that continuous asset monitoring and secure cloud management platforms are powerful tools to help bolster security—70% of respondents in Europe and 89% in the Middle East and Africa rely on continuous asset monitoring technology for protection.

“Our research shows that 70% of companies report a secure cloud management strategy is key to avoiding cybersecurity attacks. And 67% of respondents realize that continuous asset monitoring is the cornerstone of that strategy,” says Laurel Ruma, editorial director at MIT Technology Review Insights, US.

The research is based on a multi-industry poll of more than 728 technology decision-makers across more than a dozen global industries, including information technology, telecommunications, manufacturing, pharmaceuticals, health care, and retail. It includes in-depth interviews from public- and private-sector organizations in the Middle East and Africa (13%), Asia-Pacific (22%), Europe (38%), and North America (24%). Three resulting reports have been published: “IT Security Starts with Knowing Your Assets: Europe, the Middle East, and Africa,” “A Game-changer in Security Operations,” and “IT Security Starts with Knowing Your Assets: Asia-Pacific.”

Companies need established cybersecurity strategies

As companies continue to accelerate their digital transformation strategies, more and more of their operations are being moved to cloud environments. Cloud-based assets comprise most cybersecurity exposures. According to Palo Alto Networks research, 79% of observed issues come from the cloud.

“This data makes all too clear the reality of unknown or unmanaged assets: They are a major security risk and the only way to protect yourself is to have a complete and up-to-date inventory of all internet-facing assets,” says Tim Junio, senior vice president of products for Cortex at Palo Alto Networks.

Companies urgently need to formulate strategies to mitigate cyber-related vulnerabilities.

  • Monitor inventory: Of European respondents, 54% say they perform asset discovery investigations on a continual basis. In the Middle East and Africa, on the other hand, 45% of respondents report they take actions to discover previously unknown or unprioritized digital assets on only a weekly basis or less.
  • Leadership matters: Making the most of a savvy cybersecurity strategy requires the support of the C-suite. As it stands, 67% of respondents in Europe and 34% of those in the Middle East and Africa say their organization’s board of directors will request an attack surface management plan for cybersecurity this year.
  • Know the rules: In addition to identifying, assessing, and segmenting critical assets, organizations must also adhere to the legislative guidelines and cybersecurity requirements specific to their region. The General Data Protection Regulation, Europe’s data privacy and security law, features hundreds of pages’ worth of requirements for organizations around the world. Conversely, in the Middle East governance models tend to focus on national standards when it comes to security.
  • Consult the experts: Outsourcing cybersecurity allows organizations to tap into a reservoir of skills and experience they wouldn’t otherwise have. Thirty-six percent of respondents in the Middle and Africa say they have hired outside experts or consultants to minimize exposure to cybersecurity threats, compared with 27% of companies in Europe.