The high volume of alerts, combined with tedious and manual remediation processes, has resulted in a growing risk backlog and a rise in cyber incidents. As a result, many organizations are adopting an incident response mentality in their cloud security risk management programs, treating risk remediation with the same urgency seen in IR plans to reduce risk acceptance and minimize exposure.
In this blog, we’ll dive into the key factors behind this shift and why more organizations are adopting an IR mindset for cloud security risk remediation.
1. Most incidents are related to risks already known to the organization
A large majority of incidents (over 62%) trace directly back to risks the organization already knew about but could not remediate in time, or at all. Vulnerabilities, cloud misconfigurations, and similar security risks remain among the top initial access vectors for cyberattacks, and they also let adversaries carry out critical stages of an attack once inside an environment, such as lateral movement and persistence. Slow, manual remediation processes leave attackers with an extended window of opportunity, so many of these incidents could have been avoided with more efficient remediation. Further, the fact that 56% of risks cannot be remediated leaves a bucket of issues the organization has simply accepted, which raises the likelihood of a security incident whenever compensating mitigating controls are not put in place.
2. Time to exploit vulnerabilities is now just days
The time it takes attackers to exploit a vulnerability has dropped sharply, which makes faster remediation urgent. According to Mandiant, the average time-to-exploit (TTE) fell from 32 days the previous year to just 5 days today. Attackers are leveraging advanced tooling, including Artificial Intelligence (AI), to scan environments, identify exposed vulnerabilities, and exploit them before organizations can react, and security teams must move at a comparable pace. With the average TTE now measured in days, organizations typically take roughly 10X longer to remediate a vulnerability than attackers take to exploit it.
3. Regulations and compliance
Compliance is another major driver behind the push for more efficient cloud security risk management. Organizations are under increasing pressure to meet stringent regulatory requirements and to remediate vulnerabilities within defined timeframes. For instance, the Cybersecurity and Infrastructure Security Agency (CISA), in Binding Operational Directive 19-02, requires federal agencies to remediate critical vulnerabilities on internet-accessible systems within 15 calendar days of detection and high vulnerabilities within 30 calendar days, and many private organizations adopt those windows as their own benchmark. Yet many organizations take six weeks at best, and more than eight weeks at worst, to remediate an application vulnerability in production. Given the speed at which attackers are exploiting vulnerabilities, regulations are likely to shorten these timelines even further, pushing organizations to adopt new strategies that improve the overall efficiency of their risk management programs.
4. Remediation costs remain high
Inefficient remediation is costing organizations millions of dollars in operational spending annually. To put this into perspective, most organizations have more than four people involved in opening and closing a single security ticket. Extensive coordination across internal teams, such as DevOps, engineering, and executive leadership, is often required to ensure vulnerabilities are prioritized and then fixed or mitigated. The time, resources, and effort required to validate the risk, gather the necessary context, find the best path to resolution, prioritize the fix, and implement a solution all drive up the cost of remediation.
In addition to direct costs, there are also opportunity costs to consider. Teams often have to put aside other important initiatives, such as revenue-generating projects (e.g. product development or scalability) to focus on risk remediation, leading to missed opportunities.
What are security teams doing about it?
- Prioritization Based on Effort & Impact: With an overwhelming backlog of vulnerabilities, many organizations are adopting effort-based prioritization. The strategy is to address the largest number of risks with the fewest changes, which gives the greatest reduction in the backlog per change. In practice this means correlating findings that share a common root cause or fix (the same base image, library, or infrastructure-as-code module, for example) and ranking the resulting fixes by how many findings each one closes relative to the effort it takes.
- Mitigation Using Existing Controls: Because there are many cases where remediation is too time consuming, requires too much effort, or is simply not possible, security teams are increasingly leaning on cloud-native services and existing security controls (tightening a security group, enabling a platform-level guardrail, or placing a WAF rule in front of an exposed service, for instance) to reduce or eliminate the exposure. This approach not only shrinks the set of risks requiring urgent attention, it also lets the security team take immediate action while waiting for the owning team, which may be handling competing priorities, to implement the underlying fix.
- Automation and Agentic AI: Security teams are turning to automation to streamline the end-to-end remediation process, especially to cut the time it takes to triage findings, conduct root cause analysis, and prioritize alerts. AI (LLMs and AI agents) is being applied to perform complex tasks at a scale that would not be possible for even the most advanced security teams. For example, AI has the power "to run infinite options and provide the best resolution paths", reducing the manual code review and many other time-consuming tasks involved in finding and implementing an appropriate solution.
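The effort-and-impact ranking from the first bullet (group findings by shared root cause, then rank each fix by severity-weighted findings closed per unit of effort) and the triage from the second bullet (separate out the fixes whose exposure an existing control can reduce today) can be written down as a small planner. The script below is an added example written for this page; it is not ZEST's code or part of the original post. The findings, effort sizes, severity weights and control names are all constructed for illustration.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

# Relative weights for the findings a single change would close (assumed scale).
SEVERITY_WEIGHT = {"critical": 10, "high": 5, "medium": 2, "low": 1}
DEFAULT_EFFORT = 5  # assumed effort for a fix engineering has not sized yet


@dataclass(frozen=True)
class Finding:
    finding_id: str
    severity: str
    asset: str
    root_cause: str  # the shared artifact (image, module, library) whose fix closes it


@dataclass
class FixPlan:
    root_cause: str
    effort: int  # relative cost of the one change (hypothetical sizing)
    findings: List[Finding] = field(default_factory=list)

    @property
    def weighted_impact(self) -> int:
        return sum(SEVERITY_WEIGHT[f.severity] for f in self.findings)

    @property
    def score(self) -> float:
        # Severity-weighted findings closed per unit of effort.
        return self.weighted_impact / self.effort


def prioritize(findings: List[Finding], effort: Dict[str, int]) -> List[FixPlan]:
    """Group findings by root cause and rank the resulting fixes by impact per effort."""
    by_cause: Dict[str, FixPlan] = {}
    for f in findings:
        plan = by_cause.setdefault(
            f.root_cause, FixPlan(f.root_cause, effort.get(f.root_cause, DEFAULT_EFFORT))
        )
        plan.findings.append(f)
    # Best score first; ties broken by raw impact, then by name so output is deterministic.
    return sorted(by_cause.values(), key=lambda p: (-p.score, -p.weighted_impact, p.root_cause))


def coverage(plans: List[FixPlan], changes: int) -> float:
    """Fraction of all findings closed by applying only the first `changes` fixes."""
    total = sum(len(p.findings) for p in plans)
    closed = sum(len(p.findings) for p in plans[:changes])
    return closed / total if total else 0.0


def split_by_existing_control(
    plans: List[FixPlan], controls: Dict[str, str]
) -> Tuple[List[FixPlan], List[FixPlan]]:
    """Separate fixes whose exposure an existing control can reduce now (the security
    team can act immediately) from those that must wait on the owning team."""
    mitigable = [p for p in plans if p.root_cause in controls]
    pending = [p for p in plans if p.root_cause not in controls]
    return mitigable, pending


# Constructed sample backlog: eight findings across four root causes.
FINDINGS = [
    Finding("F-1", "critical", "api-prod", "base-image:ubuntu-20.04"),
    Finding("F-2", "high", "worker-prod", "base-image:ubuntu-20.04"),
    Finding("F-3", "high", "batch-prod", "base-image:ubuntu-20.04"),
    Finding("F-4", "medium", "web-staging", "base-image:ubuntu-20.04"),
    Finding("F-5", "critical", "bucket-logs", "iac:public-s3-module"),
    Finding("F-6", "critical", "bucket-exports", "iac:public-s3-module"),
    Finding("F-7", "high", "db-prod", "sg:db-open-to-internet"),
    Finding("F-8", "low", "legacy-app", "code:custom-deserializer"),
]
# Hypothetical effort sizing per root cause, as an engineering team might estimate it.
EFFORT = {
    "base-image:ubuntu-20.04": 2,
    "iac:public-s3-module": 1,
    "sg:db-open-to-internet": 1,
    "code:custom-deserializer": 8,
}
# Hypothetical existing controls the security team can apply without the code owner.
EXISTING_CONTROLS = {
    "iac:public-s3-module": "account-level block public access",
    "sg:db-open-to-internet": "restrict security group to app subnet",
}

if __name__ == "__main__":
    plans = prioritize(FINDINGS, EFFORT)
    for p in plans:
        print(f"{p.root_cause:28} closes {len(p.findings)} findings, "
              f"impact {p.weighted_impact:2d}, effort {p.effort}, score {p.score:.2f}")
    print(f"top 2 changes close {coverage(plans, 2):.0%} of the backlog")
    now, later = split_by_existing_control(plans, EXISTING_CONTROLS)
    print("mitigate now:", [p.root_cause for p in now])
    print("needs owner :", [p.root_cause for p in later])
```

On this sample the two highest-scoring changes (the IaC module and the base image) close six of the eight findings, and both control-mitigable root causes can be taken off the urgent list before the owning teams touch code. The severity weights and effort sizes are the knobs to calibrate against your own backlog; the grouping key is whatever field in your scanner output identifies the shared fix.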
ZEST was founded to bridge the gap between identifying security risks and efficiently remediating them. To learn how security teams are leveraging ZEST to minimize exposure, meet compliance, and reduce operational costs, reach out to our team.