Total Tests:

Research exposes cyber security industry’s vulnerabilities

ITWeb
Tuesday, September 15, 2020

Moreover, 48% of the company’s Web sites did not comply with GDPR requirements – because of vulnerable software, they had no conspicuously visible privacy policy or cookie disclaimer when cookies contain PII or traceable identifiers.

Ilia Kolochenko, CEO & founder of ImmuniWeb, said: “Today, cyber criminals endeavour to maximise their profits and minimise their risk of being apprehended by targeting trusted third parties instead of going after the ultimate victims. For instance, large financial institutions commonly have formidable technical, forensic and legal resources to timely detect, investigate and vigorously prosecute most of the intrusions, often successfully.”

On the other hand, he said their third-party partners, ranging from law firms to IT companies, usually lack internal expertise and budget required to react quickly to the growing spectrum of targeted attacks and APTs. “Eventually, they become low-hanging fruit for pragmatic attackers who also enjoy virtual impunity. In 2020, one need not spend on costly 0days but rather find several unprotected third parties with privileged access to the ‘Crown Jewels’ and swiftly crack the weakest link.”

He advises organisations to have holistic visibility and inventory of their data, IT and digital assets to maintain a strong security and compliance posture. “Modern technologies, such as machine learning and AI, can significantly simplify and accelerate a considerable number of laborious tasks spanning from anomaly detection to false positive reduction.”

However, these tools need to be supplemented by the continuous monitoring of the deep and dark Web, as well as countless resources in the surface Web, including public code repositories and paste Web sites, he ends.

“You cannot protect your organisation in isolation from the surrounding landscape that will likely become even more intricate in the near future.” Read Full Article


Book a Call Ask a Question
Close
Talk to ImmuniWeb Experts
ImmuniWeb AI Platform
Have a Technical Question?

Our security experts will answer within
one business day. No obligations.

Have a Sales Question?
Email:
Tel: +41 22 560 6800 (Switzerland)
Tel: +1 720 605 9147 (USA)
*
*
*
*
Your data will stay private and confidential