Today, HackerOne published The 2022 Attack Resistance Report: A HackerOne Security Survey. Our research revealed an increasing gap—the attack resistance gap—between what organizations can defend and what they need to defend. The gap is the result of four components prevalent across organizations.
- Incomplete knowledge of attack surface: Your organization’s attack surface includes infrastructure, software, apps, devices, and the extended supply chain, and it’s constantly expanding. Keeping track of the entire attack surface is so difficult that one-third of large organizations fail to monitor over 25% of their attack surface.
- Testing frequency does not keep pace with app updates: Development cycles are more rapid now than ever, meaning frequent, even daily, updates, but testing hasn’t kept pace. The lag between updates and testing introduces vulnerabilities and risk. Our research found that only one in three services or applications is tested more than once a year.
- Scanners are limited: Most companies don’t have the expertise to interpret scanner results, and those results often miss critical application security flaws, which is where most vulnerabilities are. This gives organizations a false sense of security.
- Untested or unavailable skills: Over 80% of respondents were concerned that their organizations do not have the right cybersecurity talent to keep up with cloud-native development and container technologies. Developers also outnumber most security teams, making it challenging to keep up with rapid changes.
HackerOne surveyed 800+ company IT executives across American and European organizations to understand the impact of our rapidly changing application landscape on an organization’s readiness to defend against cyberattacks. We constructed the survey to capture technology professionals’ assessments of their cyberattack readiness strengths and weaknesses.
Overall, organizations reported that only 63% of their entire attack surface is resistant to attack. That leaves a vulnerability gap of 37%. That gap is significant, and on average, over 44% of those surveyed stated that they lack confidence in their ability to address the risks introduced by this gap.
To learn about the components of the attack resistance gap and how HackerOne can help your organization close that gap, read the full Attack Resistance Report here.