Research shows 28% of enterprise IT assets are missing at least one critical security control, 6% of IT assets have reached end-of-life stage

Sevco Security, the asset intelligence company that delivers enterprise-wide visibility and prioritization across all classes of vulnerabilities, today announced the findings of The State of the Cybersecurity Attack Surface report, highlighting the prevalence of environmental vulnerabilities across enterprise networks. The report, which examines data from 1.2 million IT assets, identifies the ways in which enterprises are struggling to get visibility into their IT assets, found that 28% of all IT assets are missing at least one critical control – either endpoint protection or patch management – and that 6% of IT assets have reached the end-of-life stage, creating instances of known-but-unpatched vulnerabilities.

The State of the Cybersecurity Attack Surface report details the ways that environmental vulnerabilities – vulnerabilities in the configuration or state of an IT environment, be they missing controls, unknown assets (shadow IT), or system software that is out of date and end-of-life – threaten enterprise networks, leaving paths to data exposed and companies susceptible to malicious actors.

“High-profile CVEs drive a lot of headlines in our industry, but it’s these environmental vulnerabilities lurking across enterprise networks that keep security teams and CISOs up at night,” said J.J. Guy, co-founder and CEO of Sevco Security. “The findings in this report are eye-opening: enterprise networks are filled with IT assets that security teams cannot see, but are accountable for protecting. It’s a structural issue that has led to IT environments putting companies at grave risk. Until organizations can create an accurate IT asset inventory that reflects their true attack surface, we will continue to see these enterprise networks filled with environmental vulnerabilities.”

For the first time, the State of the Cybersecurity Attack Surface report looks beyond the data and examines real-world examples that demonstrate how these environmental vulnerabilities can manifest themselves throughout the enterprise.

For more information about Sevco Security or to download a copy of the report, please visit: https://content.sevcosecurity.com/report-state-of-the-cybersecurity-attack-surface-h1-2024

About Sevco Security

Sevco is the asset intelligence company that delivers enterprise-wide visibility and prioritization across all classes of vulnerabilities. Built upon the industry’s most accurate, real-time inventory of an organization’s devices, users, software, and controls, Sevco enables CISOs and security teams to fully understand the risk and business impact of unaddressed vulnerabilities for more informed prioritization. Sevco automates and validates remediation, tracking metrics to close the loop between issue identification and remediation to drive more proactive security. Founded in 2020 and based in Austin, Texas, Sevco is backed by SYN Ventures, .406 Ventures, Accomplice, and Bill Wood Ventures. For more information, visit https://sevcosecurity.com or follow us on LinkedIn and Twitter @SevcoSec.

View source version on businesswire.com: https://www.businesswire.com/news/home/20240612560335/en/