Size matters when it comes to cybersecurity
Research from Coalfire Labs based on over 800 penetration tests finds that company size has a direct bearing on how effectively a business is able to fend off would-be attackers.
The study shows large and small companies see more than three times the year-on-year improvement of medium-sized companies. Although mid-size companies hit the cybersecurity sweet spot in 2018, they scrambled to keep up last year, and in 2020, improving only four percent year-on-year in fending off attackers compared to their bigger and smaller counterparts.
The report also finds that large cloud service providers have dramatically improved their security postures when compared to the large, private enterprise category. Perhaps unsurprisingly, the technology industry continues to dominate the race toward strong security postures.
"Our data shows companies undergoing rapid digital transformation into more complex, multi-cloud environments," says Mike Weber, vice president of innovation for Coalfire Labs. "But in this extraordinary year of 2020, it also tells a story of repeating flaws across similar attack vectors over time. This creates an opportunity for holistic cybersecurity solutions that address those systemic weaknesses once and for all."
As more workloads and supply chains move into cloud environments the top vulnerabilities remain as security misconfiguration and cross-site scripting. Phishing continues to to be problematic too with 61 percent of phishing attempts resulting in full compromise of access credentials, thanks to a focus on the human side and social engineering attacks.
In a major turnaround towards safer systems, applications doubled their security posture during 2020. Other findings include insecure protocols dominating (22.7 percent) top vulnerabilities across all industry verticals except technology.
You can find more details of the report on the Coalfire site.