
Verizon DBIR: Edgescan Explains the Stats

The concept of continuous assessment, profiling and validation is key to protecting organisations from preventable breaches

by Sabina
May 29, 2020
in Guru's Picks, Hacking
DBIR 2020

by Eoin Keary, CEO and founder of Edgescan:

For the third year running, Edgescan contributed to the Verizon DBIR. The DBIR is recognized as the de facto cyber report, casting a wide net across all types of cyber security and breaches, including vulnerability management in both infrastructure and applications.

Edgescan vulnerability data is curated, validated and sanitised, and reflects tens of thousands of assessments we deliver globally across the full stack to our clients.

As stated by Gabriel Bassett of Verizon: “I think there’s a positive story around how vulnerability scanning, patching, and filtering are preventing exploiting vulnerabilities from being the easiest way to cause a breach but that asset management is needed to identify and patch unpatched systems…”

A few things that stand out to me in the report are as follows:

Nearly half of breaches involved Hacking and 70% of breaches were external threat actors. To me this makes sense, as in our experience most large enterprises have at least one critical vulnerability living in their estate and the majority of risk (as per our research) is in the web layer/Layer 7: websites, applications and APIs.

Of a 977-breach sample space, the majority of threat actors were associated with organised crime. These folks are professional, determined hackers. It’s how they make their living. They don’t care where the vulnerability resides in the stack. An automated approach to vulnerability management alone won’t ensure your defence.

Using software/tools alone to defend against experienced humans won’t result in robust security.

This is the case in particular when the people we are trying to defend against are actors who are very skilled and determined, professional blackhat folks, if you will.

Human error was cited as a significant contributor to system insecurity and breach in the 2020 DBIR report.

Misconfiguration takes the prize for main contributor: “They are now equally as common as Social breaches and more common than Malware, and are truly ubiquitous across all industries,” according to the report authors.

What we see in Edgescan is pretty much aligned with this metric. Misconfigurations are a common vulnerability and are not going away anytime soon. Insecure deployments, misconfigured frameworks, directory listing and data exposure via errors are all cousins, and have been steadily increasing over the past number of years.

The concept of continuous assessment, profiling and validation is key to detecting such issues. Generally they are not difficult to detect or fix, but if we don’t know about them, we’re leaving the door open for someone else to use.
