Hack attack risks growing for medium-sized businesses – Coalfire report finds

Cybersecurity company Coalfire has revealed that the digital dangers have increased for medium-sized firms as big businesses are becoming better adapted at tackling malware.

The company’s second annual Penetration Risk Report is based on hundreds of engagements performed by the company’s adversarial simulation and penetration testing team.

Its results show that whereas huge corporates used to deal with the bulk of cyber risks, the dangers have now shifted towards midsized enterprises.

“Last year, the data surprised us by showing that midsized businesses hit the cybersecurity ‘sweet spot’ despite the higher security budgets and resources of larger enterprises,” said Mike Weber, vice president of Coalfire Labs. “In 2019, large enterprises are filling the gaps faster and midsized businesses find themselves scrambling to keep up.”

The report also highlighted that outdated software and insecure protocols were the biggest risk factors for businesses. The top vulnerabilities in the enterprise space were out-of-date software and insecure protocols. For cloud providers, security misconfiguration was the highest risk factor.

The Penetration Risk Report also listed what the five biggest application vulnerabilities are this this year. They are cross-site scripting, injection, security misconfiguration, password flaws and sensitive data exposure.

Coalfire also noted that the risk of broken authentication or session management, using known vulnerable components and missing function-level access control had shrunk over the past 12 months for apps.

“The good news is that app security has improved from last year due to the allocation of more resources and skilled professionals to get the job done as the threat of cloud-specific vulnerabilities increases,” said Weber. “Despite this, internal network security remains soft as organizations continue to prioritize external risk protections. Midsize businesses are especially vulnerable in this regard.”

Enjoyed the story? 

Subscribe to our weekly RegTech newsletter and get the latest industry news & research

Copyright © 2018 RegTech Analyst


The following investor(s) were tagged in this article.