IT Security Guru

Verizon DBIR: Edgescan Explains the Stats

The concept of continuous assessment, profiling and validation is key to protecting organisations from preventable breaches

by Sabina
May 29, 2020
in Guru's Picks, Hacking

by Eoin Keary, CEO and founder of Edgescan:

For the third year running, Edgescan contributed to the Verizon DBIR. The DBIR is recognized as the de facto cyber report, casting a wide net across all types of cyber security and breaches, including vulnerability management in both infrastructure and applications.

Edgescan vulnerability data is curated, validated and sanitised, and reflects tens of thousands of assessments we deliver globally across the full stack to our clients.

As stated by Gabriel Basset of Verizon, “I think there’s a positive story around how vulnerability scanning, patching, and filtering are preventing exploiting vulnerabilities from being the easiest way to cause a breach but that asset management is needed to identify and patch unpatched systems…”

A few things that stand out to me in the report are as follows:

Nearly half of breaches involved Hacking and 70% of breaches involved external threat actors. To me this makes sense, as in our experience most large enterprises have at least one critical vulnerability living in their estate and the majority of risk (as per our research) is in the web layer/Layer 7: web sites, applications and APIs.

Of a 977-breach sample space, the majority of threat actors were associated with organised crime. These folks are professional, determined hackers. It's how they make their living. They don’t care where the vulnerability resides in the stack. An automated approach to vulnerability management alone won't ensure your defence.

Using software/tools alone to defend against experienced humans won't result in robust security.

This is the case in particular when the people we are trying to defend against are very skilled and determined actors, professional blackhat folks, if you will.

Human error was cited as a significant contributor to system insecurity and breaches in the 2020 DBIR report.

Misconfiguration takes the prize for main contributor: “They are now equally as common as Social breaches and more common than Malware, and are truly ubiquitous across all industries,” according to the report authors.

What we see in Edgescan is pretty much aligned with this metric. Misconfigurations are a common vulnerability and not going away anytime soon. Insecure deployments, misconfigured frameworks, directory listing and data exposure via errors are all cousins, and have been steadily increasing over the past number of years.

The concept of continuous assessment, profiling and validation is key to detecting such issues. Generally they are not difficult to detect or fix, but if we don’t know about them, we’re leaving the door open for someone else to use.
