Aside from a new breed of cloud-native startups, most organizations are built on IT foundations that may be decades old. Layer upon layer of new solutions, systems and services have been added to this legacy technology. The past two years in particular saw an explosion in digital investment, including:
- Public cloud infrastructure: Worldwide end-user spending on public cloud services is forecast to grow by 20.4% in 2022 to $494.7 billion, up from $410.9 billion in 2021, according to the latest forecast from Gartner®, Inc. In 2023, end-user spending is expected to reach nearly $600 billion.1
- Distributed endpoints: The pandemic saw an explosion in unmanaged home working endpoints connecting to corporate networks. As the hybrid workplace evolves, this dynamic will continue, potentially exposing organizations to cyber threats. Worldwide, hundreds of billions are also spent on Internet of Things devices, many of them for use in corporate environments.2
- Application infrastructure: Complex modern app architectures built with microservices, containers and Kubernetes (an open-source system for automating deployment, scaling, and management of containerized applications) may contain hundreds of millions of lines of code and billions of dependencies. That makes cyber risk monitoring and incident management increasingly challenging.
- Supply chains: Globalization has made complex supply chains the norm. This is matched by the growing volume of digital partnerships and connections organizations now have—exploited in standout cyber attacks like those targeting SolarWinds and Kaseya.
All of these factors have combined to continually expand the corporate cyber attack surface over recent years. One recent estimate claims the average security team is responsible for managing over 165,000 assets today, including cloud workloads, devices, network assets, applications and data assets. At the same time, threat actors continue probing, hoping to find new ways to compromise these networks and assets.
Nation-state and cyber crime tactics are increasingly converging, driving up cyber risk for organizations and democratizing sophisticated attack tools and techniques to a much larger set of actors. Ransomware affiliate groups, for example, regularly use multistage advanced persistent threat attacks. They might circumvent perimeter security with breached or brute-forced passwords and then move laterally without setting off alarms by using legitimate tools like Cobalt Strike. Automation is heavily used in tactics like credential stuffing, scanning for exposed cloud systems and even mapping attack pathways.