Organizations of all types and sizes are under attack. Unfortunately, there seems to be a disconnect between defenders’ perceptions and practices of how best to protect themselves and the current cyberthreat landscape, or more precisely, the most common attack vectors leveraged by penetration testers acting as potential attackers. It is a classic case of perception versus reality. To begin distinguishing perception from reality, we developed a survey on the perceptions and practices of cybersecurity professionals, in collaboration with Serene-risc, a knowledge mobilization network in cybersecurity based in Canada. The survey aimed to understand how defenders perceive specific security measures and whether these measures were implemented in their respective organizations. Combining the survey results with our penetration testing experience, we confront two perspectives: the defenders’ and the pentesters’, the latter standing as proxies for real attackers. This report highlights the main findings of the study and provides a handful of pro tips to overcome the security gaps uncovered.