February 24, 2021
A recently published Trust Report is subtitled “Measuring the Value of Security Amidst Uncertainty.” And guess what? It’s more valuable than ever. “The cybersecurity of your organization’s digital assets is as important as the health of your body,” cybersecurity expert Michael Coden writes in the foreword. He goes on to make an especially apt analogy considering the times: “Ninety-eight percent of U.S. citizens have not been infected by COVID-19; however, if you are one of the two percent who have been, you have suffered. Ninety-seven percent of the U.S. citizens who have been infected with COVID-19 have fully recovered; however, three percent have not. The probability that your company will suffer severe damages from a cyberattack is small — but if it does happen, the repercussions can be devastating.”
Here are some key highlights:
Trust is more important than ever: According to PwC’s Consumer Intelligence Series, 81 percent of consumers would cut ties with a company post-breach and 86 percent say companies are responsible for safeguarding consumer data. Organizations invest heavily in building their brands and ensuring customer loyalty. One breach could ruin that.
Government tops list of “attacker resistance scores” (ARS): Because of a government directive to remediate breaches within 30 days, government agencies reduced the time it took to patch vulnerabilities by 73 percent, beating out financial services, healthcare, technology, and a host of other industries. Still, with a score of 61, there is room for improvement. 70+ indicates excellent security practices. Financial Services came in at No. 2 thanks in large part to its practice of continuous security testing.
Continuous security testing means a greater ARS: From 18 to 23 percent greater, according to the report (from Synack), for organizations that employ a combination of ethical hackers and AI-enabled tech to perform scanning, penetration testing, bug bounty testing and crowdsourced security testing. Performing testing is just one piece of the security equation. Interpreting the results and developing a sound strategy is just as important, if not more so.
ARS dropped most significantly for Manufacturing and Critical Infrastructure: After scoring a 70 in 2019, the number plummeted to 45 in 2020. The sectors “have been under tremendous pressure due to rapid shifts needed to comply with guidelines to reduce the spread of COVID-19 and that strain is evident in their weakened security posture, as they continue to face a constant barrage of attacks.”
Greatly increased usage of work-from-home platforms and video-conferencing apps revealed serious flaws and vulnerabilities: Zoom, in particular, was initially bombarded by hacks (“Zoom bombings”) that caused early customer mistrust and buoyed the competition, including Cisco’s WebEx and Microsoft’s Teams.
Cybersecurity spending is on the uptick: 70 percent of organizations surveyed said they planned to spend more on cybersecurity, and many are looking to integrate more cloud computing — complete with crucial and under-performed security scanning during cloud migration.
Attacks are getting cheaper: One effective preventative measure is to make them as costly as possible. The more time and resources cybercriminals must expend to exploit a system’s vulnerabilities, the less likely they are to repeat an attack or attack in the first place.
The need for speed: Earning trust means tackling problems aggressively and quickly. If proactive measures fail, reactive ones must be rapid. “Remediating vulnerabilities is just as important as finding them in the first place.”
Beware excessive focus on critical vulnerabilities: It might be an effective way to prioritize work, the report concludes, and addressing critical flaws is certainly important. However, “focusing only on the critical flaws ignores the possibility of attackers chaining together several lower-risk vulnerabilities.”
“As we’ve seen this year, news of dangerous vulnerabilities and massive breaches can cause immense reputational and financial damage,” the report concludes. “Hacks and breaches can also lead to serious fines, government action and lawsuits. A proactive approach to cybersecurity is more vital than ever before.”