
A Glimpse Into Splunk’s State of Security 2023 Report

Organisations lacking a full understanding of the major issues across their attack surface are operating at a disadvantage. In its recent State of Security 2023 report, Splunk highlighted a concerning trend: Many of today’s security teams are “too stuck in reactive mode”, hindering their ability to proactively address threats.

This is a revelation that will strongly resonate with many, particularly considering the vast scale of the attack surface. Without the essential tools, intelligence, and automation, security teams risk becoming locked in a perpetual firefighting mode.

An apt analogy can be made with DDoS attacks, which consistently keep security teams on their toes but can sometimes act as a distraction, diverting attention from less overt concurrent threats.

Additionally, the report includes several other noteworthy highlights:

Addressing the Cyber Skills Scarcity

Not only is skilled and experienced cybersecurity talent in short supply, but, for organisations that don’t invest in mitigation measures, their need for such talent will only increase as the attack surface becomes more complex and distributed.

The Splunk report identified the three highest-priority tactics being employed to overcome talent challenges:

  • Increasing the level of investment in training existing staff.
  • Simplifying the security tool portfolio.
  • Better capture and analysis of security data.

The Existential Impact

When an attack occurs or is discovered, it’s all about diagnosis and remediation. When the incident is resolved, it would be nice to feel like that’s “case closed.” However, the aftereffects of any successful breach can be far-reaching and have an impact long after the attack has been technically resolved.

Looking at the effects of incidents over the last two years, Splunk identified the following as the top three repercussions:

  • Significant amounts of time are spent by IT personnel on remediation.
  • Confidential data breaches.
  • Lost productivity.

These existential repercussions can be challenging to quantify but are undeniably significant factors when assessing the true cost of cyber attacks.

Most Concerning Vulnerabilities

To avoid operating blindly against malicious actors, gaining insight into the most critical vulnerabilities is imperative. This enables an organisation to pinpoint likely threat origins and prioritise resource allocation effectively.

In the report, Splunk meticulously analysed the ten most concerning vulnerabilities, and it’s worth noting that “Misconfigured Systems” and “Known Software Vulnerabilities” were prominent on that list. Misconfigurations can inadvertently expose critical systems to security risks, while known software vulnerabilities are prime targets for attackers who exploit well-documented weaknesses to breach systems. Both are high-priority threats demanding immediate attention to prevent potential breaches and data loss.

Effective tools are available to comprehensively address these persistent vulnerabilities, and addressing them happens to be the speciality of Splunk-based solutions.

Get the Foundations Secure

Drawing from these findings, it’s evident that numerous organisations still grapple with fundamental issues, particularly concerning configuration management. This trend is unsurprising, given the widespread adoption of SaaS, cloud infrastructure, servers, and devices, which greatly amplifies the risk of misconfigurations and the obsolescence of configurations.

Effectively tackling these challenges demands the adoption of specialised tools and automation solutions, but above all, organisations must prioritise gaining a comprehensive understanding of the critical issues spanning their attack surface.

The Splunk State of Security report provides valuable pointers and data-driven insights to help you pinpoint where to focus your efforts in fortifying your security posture. You can download the full report here.

CSA Editorial

Launched in Jan 2018 in partnership with Cyber Security Malaysia (an agency under MOSTI), CSA is a news and content platform focusing on key issues in cybersecurity in the region. CSA is targeted to serve the needs of cybersecurity professionals, IT professionals, Risk professionals and C-Levels who have an obligation to understand the impact of cyber threats.
