Cybersecurity is no longer just the business of IT and the business of Security. It is everyone’s business.

Digital Directorship – Cybersecurity: All Articles

Cybersecurity is no longer just the business of IT and the business of Security. It is everyone’s business.

Cybersecurity is no longer just the business of IT and the business of Security. It is everyone's business.

Source: Digital Directorship: Richard Spangenberg, CEO and Executive Director

A recent study, Online Risk Surface Report identified over 32 million security vulnerabilities, such as old Magecart ecommerce systems and software running obsolete versions of OpenSSL which are vulnerable to exploits like DROWN and Shellshock.

Wade Baker, creator of the Cyentia Institute (a professor in Virginia Tech’s College of Business for the MBA and Master of IT programs), claims that the results should be looked at on a more comparative basis. For instance, 4.6 percent of employers with over 10 workers had high or critical exposure to security vulnerabilities, compared to 1.8 percent of companies with over 100,000 workers. So while the 1.8% number sounds good percentage-wise, on an absolute numbers basis it still represents many more hosts exposed.

Cyber Risk is high for both small and large companies

The study analyzed data from more than 5 million hosts and 18,000 associations.  Kelly White, founder and CEO of RiskRecon (opens RiskRecon website) , adds that although the 0.6% number for the banking industry is not perfect, it’s approaching what is financially feasible for many organizations. Banks with deep pockets have to decide just how much money they can spend on IT security and conduct an investigation of just how much risk they can take, he says.

The study also found that Western Asia, Western Europe, and North America have the best vulnerability scores. The scores for those regions were 1.5%, 1.7%, and 1.8% respectively. While external hosts at SMBs face greater exposure than bigger businesses , as company revenues grow so do the number of hosts and safety problems impacting them.

“In most ways, the findings are not surprising,” Baker explains. “After we broke it down by business, banking had the smallest exposure at 0.6 percent. But let us say a company has 10,000 hosts and gets its exposure number down to 1%, that’s still 100 hosts and can result in a big problem.

All a hacker needs is one server. 

Organizations with hosts are 3 times more likely to have safety exposure to vulnerabilities such as Windows software that is outdated on their systems versus their on-premise ones.

“Companies have to focus on protection, monitoring, and recovery,” White says. “The stronger you are at avoidance, it takes off the pressure monitoring and recovery.” “While a few of the developed areas are better at cybersecurity, a lot of those regions adopted the Web much earlier and have experienced a longer period to put governance in place,”  

A Good Defense may be Insufficient.

George Sideman, CEO at TrustWrx (TrustWrx website) disagrees with the defense only approach. Although he does agree with the need for strong defensive measures, he thinks that the security industry’s current approach of defense only will never be sufficient and is a losing battle with hackers always remaining one step ahead.  He suggests a more aggressive deterministic approach is in order, one that requires strong user verification is what is needed. And then to everyone else (non verified requests) everything is triple-encrypted behind an iron vault. And by everything else, I mean your company’s information and your customer’s information. Customer privacy is mandatory.  TrustWrx’s CEO may have a point and may have the answer. I tend to agree with him and think his approach is the answer. (See “A Breakthrough in Cybersecurity Protection).

What can you do now?

For now, at least think twice and decide if you should trust businesses located in Eastern Asian and Eastern Europe using your information.

  1. Run a good audit on your current security plan and its implementation.
  2. Retain a strong Defense Wall and make sure Procedures and in Place.
  3. Take control of who’s is accessing your database. Identify who your users are and keep all others out.  If they have no access they can cause no harm.

For a complete copy of the report, submit a request. When you download this free report, you’ll have access to findings from over 18,000 organizations and over 5 million hosts that detail how modern enterprises manage the risk of their internet-facing assets.

Print Friendly, PDF & Email

Richard Spangenberg

About the Author: Richard Spangenberg, CEO and Executive Director of Digital Directorship & board member at several companies, is a senior c-suite level executive, innovative strategic marketing leader, and digital/big data/AI specialist familiar with digital transformation, cybersecurity, startups, and social media integration to existing programs.