ElevenPaths, Telefonica’s Cybersecurity Unit, recently released a new report that summarizes the latest cybersecurity insights from the second half of 2019, covering everything from relevant incidents and vulnerabilities to cyber risk ratings by sector. The information presented is mostly based on the collection and synthesis of internal data that has been cross-checked against public information from high-quality sources, including BitSight Security Ratings.
In today’s ever-evolving cybersecurity landscape, understanding the latest threat actors and trends is critical to ensuring you have the right security performance management strategy in place. Here’s an overview of how the key findings from the report highlight that it’s more important than ever to regularly monitor and assess your cybersecurity program.
During the second half of 2019, ransomware continued to be a key form of attack in the cybersecurity space. As ElevenPaths highlighted, this is likely due to the renewed strength of Emotet — a form of malware that proliferates within a network by brute force to obtain sensitive information.
As the ransomware threat continues to rise, various governmental figures are defining their response strategy. For example, during their annual meeting in July, the United States Conference of Mayors decided that ransomware demands should not be paid. This decision came in light of the fact that 170 governmental systems had been attacked since 2013.
Magecart, a group of hackers that specializes in digital credit card theft, kept innovating in its attacks on both minor and high-profile websites over the latter half of 2019. The group changed its strategy slightly; in some cases, it redirected targets to a fake website to enter their credit card information. Thanks to its new formula (due to exploits in AWS buckets), Magecart has managed to infect an alarming 17,000 domains.
Another notable attack was that on WhatsApp, which experienced its second code execution issue of 2019. During the second half of the year, Facebook fixed a serious security flaw that allowed code execution on any platform running WhatsApp, simply by sending an MP4 file.
In the mobile space, vulnerabilities continued to evolve. Over the course of the second half of the year, 198 CVEs were patched for Apple iOS — 13 of which were critical. This number represents an increase over the previous six months.
On the Android side, 463 vulnerabilities for the Google mobile platform were published. Though Android 10 was released in early September, ElevenPaths found that the Android 9 operating system still had a little more than 22% share — followed by 8.1, 8.0, and 6.0 with a share of around 15% each. This finding highlights that a large population of Android users are opening themselves up to the high security risk of using an unsupported operating system.
In the report, ElevenPaths used the BitSight Security Ratings Platform to develop a security comparison by industry for Spain versus Europe as a whole. Using BitSight’s observable and verifiable security ratings data, ElevenPaths evaluated the average number of effective days from threat detection to neutralization — grouped by the affected economic sector.
The data showed that the sectors in which European companies take the longest to fix a malware threat were food production (9.63 days), engineering (8.75 days), and real estate (8.74 days). In the case of Spanish companies, the sectors with the longest response times were engineering (25.21 days), service management (17.02 days), and trading (10.80 days).
In today’s cybersecurity landscape — where new threats are constantly entering the scene — it’s crucial that you have a plan in place to regularly assess and improve your security performance. With BitSight Security Performance Management, you can measure the success of your cybersecurity program, align investments and actions with the highest measurable impact over time, efficiently allocate limited resources on the most critical areas of cyber risk within your organization, and facilitate data-driven conversations around cybersecurity among key stakeholders.
To learn more about the ElevenPaths findings, download the full report here.