Research finds UK’s top organisations leaving doors open to cybercrime

19 Oct 17

New research from RiskIQ has found top UK organisations are still too exposed to cyber threats.

Rather than improving their defences, businesses in the UK’s FT30 are expanding their digital attack surface in the wake of digital transformation and, through a loss of control, effectively leaving their doors open to cybercriminals.

The research identified five key areas that are leaving businesses exposed as a result of rampant digital transformation: servers and frameworks, certificates, test sites, data collection, and web management.

Of particular concern, RiskIQ uncovered 5,127 at-risk servers and 2,045 at-risk frameworks among the UK’s top 30 firms, an average of 171 at-risk servers and 68 at-risk frameworks per organisation.

A staggering total of 99,467 live websites were discovered when assessing the public websites of the FT30, which comes to an average of 3,315 websites per business.

RiskIQ asserts this expansive digital presence is the result of digital transformation efforts that can often result in the loss of security control, leading to opportunities for cybercriminals to exploit weaknesses and access critical business and customer information.

Fabien Libeau, vice president for EMEA at RiskIQ, says the vulnerabilities present amongst the UK’s top firms are deeply concerning.

“Gaining visibility over an ever expanding web presence isn’t a simple task. We have recently seen the consequence of Equifax losing control of its infrastructure and web assets before falling victim to cyber-crime and impacting millions of customers,” says Libeau.

“It is crucial that other organisations don’t follow suit by ensuring their digital attack surface is constantly monitored, kept under control and secure from cyber adversaries on the prowl.”

These vulnerabilities and exposures outside the firewall have many implications, including a simultaneous impact on consumer trust and long-term business success.

RiskIQ uses the example of expired or untrusted certificates that result in warning messages that dent consumer confidence and can lead to disengagement. The research uncovered an average of 35 expired certificates and 250 untrusted certificates per organisation.

And of course, there is also significant risk surrounding data collection. When done insecurely, it can lead to loss or fraudulent use of customer data, impacting a business’s reputation and revenue.

The research found a total of 13,194 instances of data collection through login or input forms, of which over a quarter (29 percent) had no encryption, and 5 percent were using old encryption algorithms or expired certificates.
