It’s easy to focus on the threats that you know about, and easy to ignore the ones that you don’t see. When organizations conduct vulnerability scans, they get a weekly reminder of all of the unpatched and out-of-date devices on their network. Spam and phishing emails come in daily and are a constant reminder of the need for vigilance.
But other risks are present, even if they aren’t as visible. Rogue development servers in AWS aren’t scanned weekly because they aren’t known, and ephemeral cloud exposures may move before they’re noticed. Practitioners understand this, and it’s keeping them up at night.
The Index of Cyber Security is a monthly survey that has been conducted by a team at New York University for over eight years. They ask respondents about whether different risks are rising or falling. For example, they ask organizations questions like “Compared to the last month, has the threat from insiders fallen, stayed the same, or risen?” With these data, they can analyze how practitioners assess different threats facing their organization. You can read more about their methodology here.
One of their questions involves known versus unknown threats:
“Compared to last month, what is your view of:
- Vulnerability of available defenses to known threats
- Vulnerability of available defenses to unknown threats“
The graph of respondent results is shown below. Concern around known threats grew very slowly from 2012 to 2015, but has remained constant for the last three years. Unknown threats, on the other hand, have grown steadily, driving the increase in the total index.
This survey tells us that respondents feel well equipped to face known issues, but worry about the unknowns. And this concern with unknown threats has only grown over time.
Security leaders today need a better way to identify, assess, and remediate threats to their network through vulnerabilities on Internet-connected assets. To find those unknown threats, you need an outside-in view of your network. That lets you find that misconfigured RDP server you didn’t know about or that rogue cloud account developers spun up with production data.
That’s why at Expanse, we index the entire public Internet to discover, track, and monitor organizations’ Internet assets on-prem and in the cloud. With improved network visibility, our customers can better protect themselves and reduce the risks posed by otherwise unknown threats.
 The growth in this index indicates that the respondents are consistently saying that these threats are growing compared to the previous month. If things were getting better, respondents would report that the threat has gone down compared to the previous month, which is something that the data indicate almost never happens.