Research reveals disconnect between perception and reality of organizational cybersecurity maturity

The GoSecure Cybersecurity Perceptions Versus Reality research report highlights the cross-correlation between perceptions versus actual practice on key security measures and the most common attack techniques used by penetration testers. The results reveal disconnects and important information gaps in cybersecurity that need to be tackled.

Excerpts from the report:

• Password Policies: 74.8% of organizations answered that passwords need to be a mix of letters, numbers, and special characters. And yet, in 55% of pentests, weak passwords are the vulnerability used as the root cause of a successful breach.
• Patch Management: 90% of organizations believed that patch management is important or very important for the security of their systems. However, over 52% of respondents are saying it takes weeks, or longer, to apply patches.
• Asset Inventory: 77.1% of organizations said that they kept a complete inventory of their assets, yet our penetration testers continue to leverage forgotten and unmaintained servers to enter a company’s network.

Key takeaways:

• Security measures found with a disconnect between perception and practice
• Insights and experiences from GoSecure penetration testers
• Actionable recommendations on how to secure the most common attack vectors

In the end, this report shows how organizations can overcome information gaps and biases by building their security practices around the most common attack vectors.