Sunday, January 17, 13:54
Home security New Business Cybersecurity Report - 'If you've been hacked, it's your ...

New Cybersecurity report for businesses - 'If you have been hacked, it's your fault'

"Despite the attention and investment in cybersecurity, the majority of businesses in the US and the UK remain open to attack." So says a new study on cybersecurity conducted by 1E parameter management experts and Vanson Bourne researchers, a survey that challenged 600 IT companies and IT security decision makers in USA and United Kingdom and found that 60% over the past two years and 31% of businesses had been infringed more than once.

Cybersecurity

Sumir Karayi, CEO of 1E, said the research showed that “the vast majority of successful attacks today use known vulnerabilities in software that have already been fixed by software vendors.
Thus, most successful attacks can be stopped simply by knowing what is out there and making sure that you have fixed your vulnerabilities. But for about a third of these organizations' building facilities, the CIO team does not really know what hardware is out there or what software is running on it. How do you fix this? ”

In an interview with Forbes, the reporter asked if this meant that his message to the CIO and CISO community was that if you were the victim of harassment or hacking, it was your fault. He paused and then said "yes."

Think WannaCry or NotPetya (2017 ransomware attacks on Microsoft Windows computers), he explained. "The vulnerabilities were known and repaired. "Why were the solutions not implemented?" The reality is that most organizations do not focus on this. "What many security teams are doing is postponing proceedings while it is the best defense for businesses."

The survey states that "despite significant investments in cybersecurity in many areas, there has been very little improvement with the biggest mistake being in the organization: keeping the endpoints properly corrected and up to date" and that 93% of respondents face challenges, the main ones are the limited budget, the lack of understanding between the IT functions and the IT security and the old type systems. ”

And it's getting worse, Sumir said. "A Forrester analyst who monitors about 150 security companies said he hears about five or ten new security updates almost every week. And everyone says they can fix bigger and worse threats than others can. I feel there is an exaggeration by network security companies. "

"It only takes one device that is not fully up to date to create a point of entry into the network, putting the whole organism at risk," the research explains. "However, our data reveals how small the visibility - let alone the control - of IT Operations has too many corporate endpoints, especially with the ever-increasing number of remote employees. This lack of visibility and control undermines efforts to properly repair and protect the environment.

Simple issues

Sumir has spoken many times about the following issues: automated updates and upgrades, remote work, expansion of endpoints, lack of basic IT services and especially tension and bad relations between IT operations and security teams. "Respondents identified the main cause of violations as the lack of clear security protocols (52%) and unpatched software (51%), followed by a lack of IT Security / Operations cooperation (42%) and a lack of patch automation (40%)."

Microsoft MVP Jason Sandys, reported in the report, says it's a question of behavior. IT Security is seen as an enemy that hinders the productivity of IT Operations.

Changing times

And remote work makes all of this almost impossible to fix. "Remote employees do not always have a strong affiliation with the company," says Sumir. "Many of the security tools were designed for people who work from the office and did not work from home, they were designed for machines within the corporate perimeter, in a well-managed and quickly connected environment, when working hours were also known. None of this is true anymore. ”

And so, according to the survey, "less than a quarter [of organizations] believe they are extremely prepared to respond to a serious data breach."

People have different work patterns. They also have more devices. "The number of devices is rising, and that is such an important factor," Sumir explained. "The same problems we solved with computers must now be solved with the IoT. The firmware must be up to date and patched, the devices must have the correct settings. Any device and production is networked, it is an entry point into the corporate network, an entry point into the organization, whose security could be a problem. If it is not safe then someone has direct access to your corporate network, which means that your perimeter has been violated.

What about IoT?

The report found that "the Dark Web has made it easier for intruders to make money from stolen data. As the value of data has increased, so does the funding and complexity of cybercriminals seeking to exploit software vulnerabilities to access them. Violations are becoming more frequent and catastrophic. ».

"The problem seems to be getting worse," Sumir said, "and we have to tackle it because otherwise, the number of violations will continue to rise." Transferring to digital means more software which means more vulnerabilities and therefore more attacks.
Remote work is a change that businesses are not used to until now. And so IoT is a great concern for the future. "

"It is clear that these issues cannot continue," the report said. "Especially when there are more malicious, better-funded and more organized attacks."

Making improvements

The report concludes with tips and a ten-point action plan from Michael Daniel, a former Special Assistant to President Obama and current CEO of the Cyber ​​Threat Alliance. "While you can never bring network security to the best level," the report said, "if cyber and security companies work together, the risk could be dramatically reduced."

"IT teams are still slow," he said. "Days and weeks to respond, consider that NotPetya infects 40.000 to 50.000 endpoints in a matter of hours." If you do not react the first seconds or minutes, you have an issue. When it comes to budget allocation, the vast majority (90%) of respondents say their business prioritizes other cybersecurity issues. The most pressing question is: how do we prioritize the resources available?
Respondents believe that more investment is needed in these areas: software migration automation (80%),
(67%) and / or software repair (65%).

The report makes reading interesting. It is inevitably dangerous to the safety of endpoints, given its donors. However, the issues surrounding the remote functions and vulnerabilities of the Internet are clear to everyone, even if the idea that different IT organizations could put aside their policies and differences and work together may be less.

LEAVE ANSWER

Please enter your comment!
Please enter your name here

Teo Ehc
Teo Ehchttps://www.secnews.gr
Be the limited edition.

LIVE NEWS

Microsoft Teams: How to turn off reading receipts

Platform users usually want to see read receipts to know when the recipient is reading a message. However, there are ...

iPhone: How to stop tracking requests from apps?

Apple is one of the companies that claim to place great emphasis on the importance of privacy ...

Save battery by turning off 5G on iPhone

The new 5G wireless standard comes with the promise of better speeds and greater data transfer convenience. As the ...

iPhone / iPad: How to close all Safari tabs at once

If you have dozens of Safari tabs open on your iPhone or iPad and want to close them quickly, it might be ...

Emotet has "evolved" and is at the top of the malware charts!

The infamous Emotet trojan returns to the top of the malware charts, having been "refreshed" and evolved to be more difficult to detect. The world ...

Signal: How to protect your messages with passcode?

In recent days the Signal messaging application has become quite popular. The Signal ...

The 5 best secure alternatives for WhatsApp

WhatsApp is one of the most popular messaging platforms, but it is definitely not accepted by everyone. Especially after his last ...

Android: How to see which apps have access to your site

It's no secret that smartphone apps have access to many permissions - if you let them. It is important to make sure ...

Canon lets you take pictures from space

Instead of releasing new cameras for CES 2021, Canon is doing something different: It lets you take pictures from space ....

Wikipedia vs Big tech: Who fights misinformation?

As Election Day turned into US Election Week, Facebook, Twitter and YouTube were trying to prevent ...