Bulletproof has released its Annual Cybersecurity Industry Report, which shows that half of the most pervasive critical flaws – which offer hackers an easy route into an organisation – are down to outdated components, such as unpatched or unsupported software. This number has jumped significantly from 22% over the previous year, indicating widespread negligence when it comes to organisations’ cybersecurity practices.
One of the most shocking findings was that cyber criminals continue to evolve their techniques and are more ready than ever to jump on the opportunity of an attack. In fact, a proof-of-concept experiment run by Bulletproof researchers showed that services are discovered and attacked by cyber criminals within 32 milliseconds of going live.
Other key stats include:
- 1 in 5 penetration tests revealed a critical risk in need of immediate remediation
- Medium risks outnumber low-risk issues
- Over half of security events relate to user activity
- The education sector contained the highest number of critical flaws
- AI voice technology was used in successful CEO fraud, confirming a prediction Bulletproof made last year
- 68% of malicious IPs encountered this year were known bad actors
- Privacy and security by design are not being followed
Oliver Pinson-Roxburgh, co-founder of Bulletproof, said: “What’s clear from this data is that, although every year we hope for a dramatic improvement in corporate security, we continue to see a lot of the same mistakes being made over and over again. Getting the basics right is critical; and yet, businesses continue to fail to implement security by design, leading to an increased attack surface and unnecessary risks. The importance of threat detection is a priority and is still the best way to keep ahead of the hackers. Too many organisations are operating blind and failing to see the threats, let alone prevent them.
“Overall, the report highlights a need for enterprises to bolster the foundations of their security controls, over and above what compliance prescribes, and to step up their game when it comes to detecting compromises before it’s too late,” he concluded.
The report is based on data that Bulletproof’s penetration testing and Security Operations Centre (SOC) teams processed in 2019, which amounted to 15,000 events per second and billions of logs each month.