Getting ahead of cybersecurity threats — and taking full advantage of new innovations like generative AI — first requires setting the foundation of strong cyber hygiene. Splunk’s State of Security 2024: The Race to Harness AI report, however, revealed that cybersecurity teams still struggle to get out of firefighting mode.
Spending too much time addressing emergency situations and not enough time on long-term improvement was the top cybersecurity challenge among respondents. Teams caught in the cycle of reactivity can start by addressing the basics before taking the next step: growing and innovating.
The importance of cyber hygiene
The initial excitement of new technologies like generative AI shouldn’t overshadow cyber hygiene — it’s the power behind every strong cybersecurity defense strategy.
Adversaries consistently use tried-and-true tactics such as default or weak passwords, unpatched, known vulnerabilities, and poorly secured network connections to launch relatively simple attacks. Splunk research revealed that misconfigured systems are the most common threat vector, highlighting humans as the weak link.
The need for cyber hygiene is particularly relevant with the rise of politically fueled threats, sometimes called hacktivism. 2023 saw the highest number of politically influenced cyberattacks since 2014 at 597 incidents, according to Statista. Respondents in Splunk’s State of Security 2024 echoed these concerns; 86% believe that today’s geopolitical climate is causing their organizations to be targeted more often.
Not all hacktivism is sophisticated. For example, an Iranian anti-Israel hacking group gained control of at least one device at a remote water station at a Pennsylvania water utility. Federal and state cybersecurity officials said that a poor or default password was likely the weak link that enabled the hackers to infiltrate.
Why it’s difficult to keep up with cyber hygiene
Our report found that many organizations still struggle with foundational cybersecurity controls — so what’s holding them back? Seventy-six percent say that completing a full IT asset inventory takes too much time, and 71% say it’s difficult to keep up with security hygiene and posture management due to frequent changes and growth in their attack surface. Similarly, 71% cited technical debt as a main reason why their organization struggled with cyber hygiene.
- Frequent changes and growth in the attack surface: 71%
- Technical debt (e.g. systems that are no longer supported/patched but still in use): 71%
Growing attack surfaces, technical debt and other factors that make an environment unwieldy make it difficult to properly address cyber hygiene. With simplification as the end goal, cybersecurity leaders can use strategies such as tool consolidation to identify overlapping functionality and shared data between platforms — ultimately leading to deeper context for threats and faster incident response.
Implementing comprehensive security controls with minimal friction is an onerous task, and being proactive also requires support from the business. Our report shed some optimism here, with 91% of respondents saying they have the resources and authority to address their cybersecurity challenges. So with the proper resources and authority, what’s next?
The foundations of digital resilience
Implementing foundational cybersecurity controls is where organizations can get the greatest return on investment, making it easier to keep up with requirements in the long term. Securing support from the board and other stakeholders is a great first step. Here are other practical ways to improve cyber hygiene:
Spend time on an IT asset inventory. Over three-quarters (76%) of our respondents said that completing an IT asset inventory takes too much time, but it’s time well spent. After all, you can’t secure what you can’t see. An up-to-date view of your assets and their dependencies can prevent dangerous blindspots.
Implement multi-factor authentication. Most attackers rely on low-hanging fruit like default passwords, which highlights the importance of multi-factor authentication (MFA). Deploy MFA on all access points, with a particular focus on critical systems and remote access.
Stay ahead of threats through community collaboration. Stay informed of new exploits and attack vectors by working closely with your industry and community partners such as analysts and trust sharing groups. Threat intelligence feeds can also alert security teams about common techniques from politically motivated actors. Consider open-source feeds, like Abuse.ch and MITRE ATT&CK, which provide valuable data for free.
Delve into the full State of Security 2024: The Race to Harness AI report for more insights and recommendations on the threat landscape in 2024, including analysis on what leading organizations do differently than their less mature counterparts.
