Computer software development firms have been identified as the industry which is worst at protecting themselves against cyber threats.
Research carried out by cybercrime experts FoxTech revealed that among the worst industries at risk of cybersecurity breaches are computer software development companies with an average cyber risk score of 166, followed by publishing (152), research (115), transportation, trucking & railroad (111) and civil engineering (102).
The cyber risk score, which is calculated using publicly available information and an analysis of a wide range of cyber security indicators, is an immediate indicator of how high or low the risk of a potential cybersecurity breach is for a company. Companies with scores of 75 or more are at extreme risk of cyber-attack while those below 25 are considered to be low risk.
The firm said: “Cybersecurity is ignored by businesses at their peril. However, no matter how seriously a company believes it is safeguarded from data breaches and other cybersecurity risks, are they really doing everything they can to ensure their business, and more importantly their customers, are protected?”
Anthony Green, CTO and cybercrime expert at FoxTech, explained: “We audited hundreds of companies across a wide range of sectors and found that while industries such as banking (cyber risk score 6) and performing arts (cyber risk score 5) are at very low risk of a potential attack, other industries fell woefully short when it came to ensuring their cyber protection was up to scratch.”
However, the issue is not that companies do not care about cybersecurity, but that they are unaware that their IT infrastructure is not robust enough to stave off an attack.
“In many cases, companies will be entirely unaware that the antivirus or endpoint protection software they have invested in simply isn’t robust or far-reaching enough to prevent a cyber-attack from occurring,” he added. “Alternatively, companies might be under the misapprehension that they are safe from attack because they have invested in cloud-based services. Sometimes, a company can be exposed by something as simple as poorly managed user accounts, software that is out of date or inadvertently leaving their database visible to the internet and therefore exposed to hackers.”
On average, hackers will spend 207 days between breaching a company’s IT security and exploiting it. Anthony says this shows that it’s a gradual process rather than something that happens overnight.
“The fact that hackers are going undetected for more than half a year tells us that there is time to prevent cyber-attacks from occurring and an opportunity to protect companies and their customers on a much higher level – so long as businesses are aware of the potential weaknesses in their systems and how they can fix them, even if a hacker is already gathering what they need,” added Green. “The best thing to do for any company is to arrange a cybersecurity audit of their IT systems, process and procedures. This won’t necessarily be through their IT provider, but via an independent company that is set up to focus fully on cybersecurity, analysing cybercrimes and data breaches – ultimately an ‘anti-hacker’.”