1 in 4 pen tests reveal critical IT weaknesses

Editorial Type: News Date: 2021-02-02 Views: 557 Tags: Networking
Penetration test data from 2020 has revealed that critical flaws found in business infrastructure and applications have increased since the previous year (where it was 1 in 5), with under-investment in cyber defences and lack of security culture cited as the main causes.

This is according to the 2021 Cyber Security Industry Report 2021 from Bulletproof. The report reveals that attackers continue to take advantage of the current global crisis by targeting organisations with poor security, using tried and tested techniques well understood by the security industry.

By analysing data from penetration tests and proactive monitoring, as well as compliance insights and research, Bulletproof identified that intelligence is often not good enough and provides a false sense of security. Remote workers are at a higher risk of falling victim to phishing campaigns as attackers have increased their use of this tactic and been successful. Key findings include:

  • Out of 9,000 IP addresses identified as belonging to bad actors hitting the honeypot, only 158 (1.7%) were in the top commercial and open-source threat intelligence feeds
  • Critical flaws found during penetration tests has increased since last year, suggesting security is still uninvested and/or misunderstood
  • Bulletproof's penetration testing activities uncovered an increasing trend of homogenisation in underlying web technologies, presenting often overlooked risks to businesses
  • 33% of companies have out of date systems, validated by the penetration test statistics which show 32% of companies are vulnerable due to out of date components
  • 23% of companies are failing audits due to endpoint malware protection tests, raising concerns for businesses with remote workers