
Research finds UK’s top organisations leaving doors open to cybercrime

19 Oct 2017

New research from RiskIQ has found top UK organisations are still too exposed to cyber threats.

Rather than improving their defences, businesses in the UK’s FT30 are expanding their digital attack surface as a result of digital transformation and a loss of control, effectively leaving their doors open to cybercriminals.

The research identified five key areas that leave businesses exposed as a result of rampant digital transformation: servers and frameworks, certificates, test sites, data collection, and web management.

Of particular concern, RiskIQ uncovered 5,127 at-risk servers and 2,045 at-risk frameworks among the UK’s top 30 firms, an average of 171 at-risk servers and 68 at-risk frameworks per organisation.

A staggering total of 99,467 live websites were discovered when assessing the public websites of the FT30, which comes to an average of 3,315 websites per business.

RiskIQ asserts this expansive digital presence is the result of digital transformation efforts that can often result in the loss of security control, leading to opportunities for cybercriminals to exploit weaknesses and access critical business and customer information.

Fabien Libeau, vice president for EMEA at RiskIQ, says the vulnerabilities present amongst the UK’s top firms are deeply concerning.

“Gaining visibility over an ever-expanding web presence isn’t a simple task. We have recently seen the consequence of Equifax losing control of its infrastructure and web assets before falling victim to cyber-crime and impacting millions of customers,” says Libeau.

“It is crucial that other organisations don’t follow suit by ensuring their digital attack surface is constantly monitored, kept under control and secure from cyber adversaries on the prowl.”

These vulnerabilities and exposures outside the firewall have many implications, including an impact on both consumer trust and long-term business success.

RiskIQ uses the example of expired or untrusted certificates that result in warning messages that dent consumer confidence and can lead to disengagement. The research uncovered an average of 35 expired certificates and 250 untrusted certificates per organisation.

Data collection also carries significant risk: when done insecurely, it can lead to loss or fraudulent use of customer data, impacting a business’s reputation and revenue.

The research found a total of 13,194 instances of data collection through login or input forms, of which over a quarter (29 percent) had no encryption, and 5 percent were using old encryption algorithms or expired certificates.
