"Despite the attention and investment in cybersecurity, the majority of businesses in the US and the UK remain open to attack." So says a new study on cybersecurity conducted by 1E parameter management experts and Vanson Bourne researchers, a survey that challenged 600 IT companies and IT security decision makers in USA and United Kingdom and found that 60% over the past two years and 31% of businesses had been infringed more than once.
Sumir Karayi, CEO of 1E, said the research showed that “the vast majority of successful attacks today use known vulnerabilities in software that have already been fixed by software vendors.
Thus, most successful attacks can be stopped simply by knowing what is out there and making sure that you have fixed your vulnerabilities. But for about a third of these organizations' building facilities, the CIO team does not really know what hardware is out there or what software is running on it. How do you fix this?”
In an interview with Forbes, the reporter asked if this meant that his message to the CIO and CISO community was that if you were the victim of harassment or hacking, it was your fault. He paused and then said "yes."
Think WannaCry or NotPetya (2017 ransomware attacks on Microsoft Windows computers), he explained. "The vulnerabilities were known and repaired. Why were the solutions not implemented?" The reality is that most organizations do not focus on this. "What many security teams are doing is postponing proceedings while it is the best defense for businesses."
The survey states that "despite significant investments in cybersecurity in many areas, there has been very little improvement with the biggest mistake being in the organization: keeping the endpoints properly corrected and up to date" and that 93% of respondents face challenges, the main ones being limited budget, a lack of understanding between IT functions and IT security, and legacy systems.
And it's getting worse, Sumir said. "A Forrester analyst who monitors about 150 security companies said he hears about five or ten new security updates almost every week. And everyone says they can fix bigger and worse threats than others can. I feel there is an exaggeration by network security companies."
"It only takes one device that is not fully up to date to create a point of entry into the network, putting the whole organism at risk," the research explains. "However, our data reveals how small the visibility - let alone the control - of IT Operations has too many corporate endpoints, especially with the ever-increasing number of remote employees. This lack of visibility and control undermines efforts to properly repair and protect the environment.
Sumir has spoken many times about the following issues: automated updates and upgrades, remote work, expansion of endpoints, lack of basic IT services and especially tension and bad relations between IT operations and security teams. "Respondents identified the main cause of violations as the lack of clear security protocols (52%) and unpatched software (51%), followed by a lack of IT Security / Operations cooperation (42%) and a lack of patch automation (40%)."
Microsoft MVP Jason Sandys, quoted in the report, says it's a question of behavior. IT Security is seen as an enemy that hinders the productivity of IT Operations.
And remote work makes all of this almost impossible to fix. "Remote employees do not always have a strong affiliation with the company," says Sumir. "Many of the security tools were designed for people who worked from the office and did not work from home. They were designed for machines within the corporate perimeter, in a well-managed and quickly connected environment, when working hours were also known. None of this is true anymore."
And so, according to the survey, "less than a quarter [of organizations] believe they are extremely prepared to respond to a serious data breach."
People have different work patterns. They also have more devices. "The number of devices is rising, and that is such an important factor," Sumir explained. "The same problems we solved with computers must now be solved with the IoT. The firmware must be up to date and patched, the devices must have the correct settings. Any device and production is networked, it is an entry point into the corporate network, an entry point into the organization, whose security could be a problem. If it is not safe then someone has direct access to your corporate network, which means that your perimeter has been violated."
What about IoT?
The report found that "the Dark Web has made it easier for intruders to make money from stolen data. As the value of data has increased, so does the funding and complexity of cybercriminals seeking to exploit software vulnerabilities to access them. Violations are becoming more frequent and catastrophic."
"The problem seems to be getting worse," Sumir said, "and we have to tackle it because otherwise, the number of violations will continue to rise." Transferring to digital means more software which means more vulnerabilities and therefore more attacks.
"Remote work is a change that businesses are not used to until now. And so IoT is a great concern for the future."
"It is clear that these issues cannot continue," the report said. "Especially when there are more malicious, better-funded and more organized attacks."
The report concludes with tips and a ten-point action plan from Michael Daniel, a former Special Assistant to President Obama and current CEO of the Cyber Threat Alliance. "While you can never bring network security to the best level," the report said, "if cyber and security companies work together, the risk could be dramatically reduced."
"IT teams are still slow," he said. "Days and weeks to respond, consider that NotPetya infects 40.000 to 50.000 endpoints in a matter of hours." If you do not react the first seconds or minutes, you have an issue. When it comes to budget allocation, the vast majority (90%) of respondents say their business prioritizes other cybersecurity issues. The most pressing question is: how do we prioritize the resources available?
Respondents believe that more investment is needed in these areas: software migration automation (80%),
(67%) and / or software repair (65%).
The report makes interesting reading. It is inevitably dangerous to the safety of endpoints, given its donors. However, the issues surrounding the remote functions and vulnerabilities of the Internet are clear to everyone, even if the idea that different IT organizations could put aside their policies and differences and work together may be less.