While 56 percent of UK companies have hired an outside organisation to undertake penetration tests to judge the security of their network, only 17 percent of US companies have done the same.
That’s according to a report by Swedish based cybersecurity analysts Outpost24 based on two surveys; one carried out at London’s Infosecurity Europe conference and another at San Francisco’s RSA, both in 2018.
Both, admittedly, had a pretty small sample size: The UK figures are from a survey carried out on 269 security professionals during Infosecurity Europe 2018. While the US number are based on a survey of 155 security professionals at RSA 2018.
Ignoring Critical Flaws
Six percent of UK companies meanwhile admitted that they have ignored a critical security flaw, citing a lack of necessary skills, when surveyed by Outpost24.
However, this pales when compared to the admittance of US organisations who replied that they have ignored 16 percent of critical security flaws.
Commenting in the release of the two reports Bob Egner VP of products at Outpost24 said: “Ignoring a critical security incident is asking for trouble. The US regularly tops the list of most attacked countries, so security professionals should be taking this threat very seriously and doing all they can to minimise their attack surface,” he added.
Vulnerable Technology
Within UK organisations, mobile devices are seen as the most vulnerable technology ranking at 37 percent. The Internet of Things (IoT) was a close second, with 34 percent stating it is their organisations least secure technology.
For US businesses however, cloud infrastructure and applications were deemed to be the least secure technology by 24 percent of those questioned. IoT devices also ranked second for the US companies with 23 percent claiming it was their main concern.
It is worth noting that only seven percent of the UK companies survey thought that cloud infrastructure and applications was a main concern.
Mr Egner commented that: “Our survey results suggest that businesses are adding technology as a key element of their strategy but not preparing their security teams with the skills and resources to keep up. Hackers understand there are key areas of technology which organisations will often overlook in terms of cyber-security.”
“A comprehensive security posture covers the full stack – network infrastructure, cloud environments, applications, mobile devices and even people,” he added.