New research from RiskIQ has found top UK organisations are still too exposed to cyber threats.
Rather than improving their defences, businesses amongst the UK’s FT30 are expanding their digital attack surface in the wake of digital transformation and due to a loss of control, effectively leaving their doors open to cybercriminals.
The research exposed five key areas that are leaving businesses exposed as a result of rampant digital transformation, which includes servers and frameworks, certificates, test site, data collection, and web management.
What is concerning, is that RiskIQ uncovered 5,127 at risk servers and 2,045 at risk frameworks among the UK’s top 30 firms – which represents an average of 171 at risk servers and 68 at risk frameworks currently existing per organisation.
A staggering total of 99,467 live websites were discovered when assessing the public websites of the FT30, which comes to an average of 3,315 websites per business.
RiskIQ asserts this expansive digital presence is the result of digital transformation efforts that can often result in the loss of security control, leading to opportunities for cybercriminals to exploit weaknesses and access critical business and customer information.
Vice president for EMEA at RiskIQ, Fabien Libeau says the vulnerabilities present amongst UK’s top firms is deeply concerning.
“Gaining visibility over an ever expanding web presence isn’t a simple task. We have recently seen the consequence of Equifax losing control of its infrastructure and web assets before falling victim to cyber-crime and impacting millions of customers,” says Libeau.
“It is crucial that other organisations don’t follow suit by ensuring their digital attack surface is constantly monitored, kept under control and secure from cyber adversaries on the prowl.”
The risk from these vulnerabilities and exposed risks outside of firewalls has many implications, including a simultaneous impact on consumer trust and long-term business success.
RiskIQ uses the example of expired or untrusted certificates that result in warning messages that dent consumer confidence and can lead to disengagement. The research uncovered an average of 35 expired certificates and 250 untrusted certificates per organisation.
And of course, there is also significant risk surrounding data collection. This can lead to loss or fraudulent use of customer data when done insecurely, impacting a business’s reputation and revenue.
The research found a total of 13,194 instances of data collection through login or input forms, of which over a quarter (29 percent) had no encryption, and 5 percent were using old encryption algorithms or expired certificates.