October is European Cyber Security Month, and the industry didn’t disappoint, producing a huge amount of research describing the biggest threats and trends out there.
CBR rounds up some of the main reports.
1. Veracode: Security risks in software are endemic
The State of Software Security Report found that 97 percent of Java applications contained at least one component with a known software vulnerability.
Apparently, the top quartile of companies fix nearly 70 percent more vulnerabilities than the average company. Veracode said that best practices, such as remediation coaching and eLearning, could improve fix rates by up to 6 times.
Additionally, over half of web applications were affected by misconfigured secure communications or other security defences.
The report was drawn from analysis of billions of lines of code, based on 300,000 assessments over the last 18 months.
2. Check Point: Malware dominated by top ten strains
The Check Point September Global Threat Index tracked the continuing rise in malware, breaking the figures down into the most common strains.
Conficker, a worm that allows remote operations and malware download, was the most common, accounting for 14 percent of recognised attacks.
This was followed by Sality, a virus allowing remote operations on infected systems, and Locky, a ransomware strain, each of which accounted for 6 percent of recognised attacks.
The report found that the top ten families were responsible for 50 percent of all recognised attacks.
3. BAE Systems: The £1 million cost of cyber breaches
In what is arguably a conservative estimate, BAE Systems released findings from a poll of 100 business leaders which suggested that a cyber attack would cost 10 percent of businesses up to £1 million.
The poll found that the average cost of a cyber attack was believed to be £330,000.
Over half of the survey respondents said that they had suffered an attack in the last year. A fifth were not confident in being able to return to normal business operations within 48 hours of an attack taking place.
4. Fortinet: Threat detection technologies emerge as top defence
The Fortinet Global Security Study revealed the investment and areas of focus of EMEA IT professionals. According to the report, 48 percent of professionals believe that they need to invest in cyber security technologies that protect the enterprise across the entire threat lifecycle.
The decision-makers were most concerned with securing the cloud and protecting against vulnerabilities. 53 percent said that securing the cloud was their biggest concern and 53 percent said that protecting against IT system vulnerabilities was.
The report also found that 44 percent of EMEA organisations could be addressing their cyber security priorities through outsourcing within three to five years.
The main action taken by the IT professionals to mitigate attacks was the use of threat detection technologies (17 percent), followed by cloud-based cybersecurity services (12 percent).
The report questioned 1,399 IT decision makers in 13 countries, including CIOs, CTOs, IT Directors and Heads of IT, from organisations with more than 250 employees.
5. Thales: PKI takes hold in the enterprise
Public Key Infrastructure (PKI) was the theme of this report by Thales and the Ponemon Institute. PKI refers to the policies and procedures needed to manage public key encryption.
The report found that 62 percent of businesses believed cloud-based services were the most important trend driving the deployment of applications using PKI. This was a rise from 50 percent in 2015.
The respondents said that the main challenge faced around PKI was the inability of existing PKIs to support new applications.
Over 5000 business and IT managers were surveyed in the US, the UK, Germany, France, Australia, Japan, Brazil, the Russian Federation, Mexico, India, and the Middle East.
6. Tripwire: Endpoint security is being ignored
Tripwire’s study, surveying over 500 IT security professionals, found that only 33 percent of respondents had security strategies in place to protect endpoints on their network as the number of endpoints increases.
There was some doubt about the rate of proliferation of endpoints. 52 percent of respondents said that endpoints would increase by less than 25 percent per year in the next 24 months.
There was doubt around deployment of security updates, with 60 percent of respondents saying that they were not confident that all of the devices were receiving them in a timely way.
Tripwire also found that 21 percent of IT professionals consider the security of IoT devices on their networks to be a top security concern.
31 percent of the respondents said that they conducted comprehensive inventories of both their hardware and software assets only on an annual basis.
7. CA Technologies: Good security is a business boon
Could security actually boost your business? That’s what CA Technologies seems to have found in the global study, ‘The Security Imperative: Driving Business Growth in the App Economy’, which included 1,770 senior business and IT executives, across 21 countries.
It found that nearly 90 percent of UK organisations experienced increased customer retention owing to their security practices.
74 percent of UK organisations reported an improvement in customer experience due to their security practices, while 93 percent of UK organisations viewed security as critical to protecting their brand and as a competitive differentiator.
In addition, 83 percent said that identity-centric security was critical to the business.
8. Palo Alto: Security pros are scared to speak up
This Palo Alto survey found that a big gap existed between the security professionals at an organisation and its C-level executives. According to the report, 33 percent felt that involving senior management made matters more difficult.
32 percent of the security people found that their senior managers expressed confusion over why a breach had happened.
They also named human failure as the most awkward conversation to have (28 percent of respondents), followed by a supplier being to blame (23 percent) and the need for more investment to mitigate future risk (21 percent).
Apparently the third most common reason for not reporting an incident was that it was caused by someone on the senior management team.
With the introduction of GDPR approaching, 47 percent of IT professionals anticipated awkward conversations with the management over breach notification requirements.