Virtualization Technology News and Information
Midsized Businesses Hit Cybersecurity 'Sweet Spot,' Leaving SMEs and Large Enterprises Lagging, New Research Finds

Midsized businesses are benefitting from a security sweet spot that has allowed them to outperform their larger competitors, according to new research from Coalfire, a trusted provider of cybersecurity advisory services.

The first annual Coalfire Penetration Risk Report found that, contrary to accepted wisdom on cybersecurity, large enterprises are not the best prepared to protect against cybercrime, despite having bigger budgets and resources.

Although large organizations are best at protecting against phishing and other social engineering attacks, the report - which was based on more than 300 penetration tests in 148 companies worldwide - found a cybersecurity sweet spot among midsized businesses, which performed best at protecting their assets and mitigating their security risks in tests.

Coalfire's extensive penetration test results flip the thinking that large enterprises are the most secure overall, even with the largest cybersecurity budgets and investments in staffing and other resources. Across all sizes and sectors, however, people remain companies' biggest weakness, whether through human error or creating opportunities for social engineering hacks, the report found.

"While overall, our results have found that the midsized business is in the technological sweet spot, conversely, we can conclude that humans - employees, vendors and customers - still represent the greatest vulnerability as they are prone to social engineering techniques, shortcuts or inadvertent oversights in the IT/security management process," said Mike Weber, Vice President, Coalfire Labs. "Most organizations today, as they increasingly leverage the cloud and virtualization, concern themselves more with external network security than internal network defenses, creating significant internal security gaps and vulnerabilities that need to be addressed."

The Coalfire Penetration Risk Report used customer penetration test data to analyze the security challenges within enterprises of various sizes and in different industries, including retail, healthcare, financial and technology/cloud service provider industries, and compared the security posture between small, midsized and large organizations.

Coalfire concluded that security gaps were not the result of negligence; organizations that did have weaknesses were often struggling with restrictive budgets, competing priorities, staffing shortfalls and a lack of highly trained cybersecurity talent.

Financial services lead the way

Globally, the financial services industry performed better at cybersecurity than tech and cloud.

Healthcare had the worst external security posture, while retail performed three times worse than other industries when it comes to cyber defenses.

Common weak points

The report found that a range of vulnerabilities in external and internal networks and in applications enabled cyber attackers to progress through the cyberattack chain and infiltrate an organization.

Phishing was demonstrated to be highly successful as the "foot in the doorway" for attackers, who use it as an entry point to infiltrate the organization, then pivot internally and escalate for greater control.

Out-of-date software, insecure protocols, misconfiguration and password flaws were found to be the greatest threats to external networks, while insecure protocols, password flaws and patching flaws were the top vulnerabilities in internal networks.

Published Monday, July 02, 2018 11:14 AM by David Marshall