
Research finds UK’s top organisations leaving doors open to cybercrime

19 Oct 2017

New research from RiskIQ has found top UK organisations are still too exposed to cyber threats.

Rather than improving their defences, businesses amongst the UK’s FT30 are expanding their digital attack surface in the wake of digital transformation and due to a loss of control, effectively leaving their doors open to cybercriminals.

The research identified five key areas that are leaving businesses exposed as a result of rampant digital transformation: servers and frameworks, certificates, test sites, data collection, and web management.

Of particular concern, RiskIQ uncovered 5,127 at-risk servers and 2,045 at-risk frameworks among the UK’s top 30 firms, which represents an average of 171 at-risk servers and 68 at-risk frameworks per organisation.

A staggering total of 99,467 live websites were discovered when assessing the public websites of the FT30, which comes to an average of 3,315 websites per business.

RiskIQ asserts this expansive digital presence is the result of digital transformation efforts that can often result in the loss of security control, leading to opportunities for cybercriminals to exploit weaknesses and access critical business and customer information.

Fabien Libeau, vice president for EMEA at RiskIQ, says the vulnerabilities present amongst the UK’s top firms are deeply concerning.

“Gaining visibility over an ever expanding web presence isn’t a simple task. We have recently seen the consequence of Equifax losing control of its infrastructure and web assets before falling victim to cyber-crime and impacting millions of customers,” says Libeau.

“It is crucial that other organisations don’t follow suit by ensuring their digital attack surface is constantly monitored, kept under control and secure from cyber adversaries on the prowl.”

These vulnerabilities and exposures outside the firewall have many implications, including a simultaneous impact on consumer trust and long-term business success.

RiskIQ uses the example of expired or untrusted certificates that result in warning messages that dent consumer confidence and can lead to disengagement. The research uncovered an average of 35 expired certificates and 250 untrusted certificates per organisation.

And of course, there is also significant risk surrounding data collection. This can lead to loss or fraudulent use of customer data when done insecurely, impacting a business’s reputation and revenue.

The research found a total of 13,194 instances of data collection through login or input forms, of which over a quarter (29 percent) had no encryption, and 5 percent were using old encryption algorithms or expired certificates.
