#nationalcybersecuritymonth | Tips for Your Vendor Security: Closing the Most Common Cyber Gaps

Your vendors probably have cyber gaps. Which are the most common, and how can they be remedied?


To answer these questions, Panorays used data from our cyber posture evaluations of tens of thousands of vendors from numerous industries over long periods of time. We extracted the findings that appeared in a large percentage of the companies and omitted obvious low-risk findings that recur in all companies, such as missing recommended HTTP response headers. We focused on cyber gaps that may have a real effect on the resilience of the vendors, and thus the organizations themselves.


In honor of National Cybersecurity Awareness Month, here are the cyber gaps that we found, the number of companies affected by them and how your vendors can fix them:


Unpatched web server with severe vulnerabilities 


Companies affected: 52%


Patch management is a very common and painful subject in the security world, because it involves a great deal of effort and can impact business continuity. We still see that the majority of companies are struggling to patch against known critical vulnerabilities.


Tip: In many cases, attacks against unpatched technologies are opportunistic rather than targeted. For this reason, it may be advisable to start with other, less costly mitigations such as obscuring technology versions, virtual patching and a WAF. A company that simply obscures the technology it is using may be able to protect itself from these opportunistic attackers.
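One way to check whether a vendor's web asset has actually obscured its technology versions is to audit the response headers it returns. The following is an added example, not code from the original article or from Panorays; the header list, the version pattern and both sample responses are assumptions constructed for illustration.

```python
import re

# Response headers that commonly carry product and version banners (assumed list).
BANNER_HEADERS = {"server", "x-powered-by", "x-aspnet-version",
                  "x-aspnetmvc-version", "x-generator"}
# Optional product token followed by a dotted version, e.g. "Apache/2.4.49" or "4.0.30319".
VERSION_RE = re.compile(r"(?:[A-Za-z][\w.+-]*[/ ])?v?\d+(?:\.\d+)+[\w.-]*")

# Constructed sample responses: a verbose default and a hardened configuration.
SAMPLE_VERBOSE = ("HTTP/1.1 200 OK\r\n"
                  "Server: Apache/2.4.49 (Unix) OpenSSL/1.1.1k\r\n"
                  "X-Powered-By: PHP/7.4.3\r\nContent-Type: text/html\r\n\r\n")
SAMPLE_HARDENED = "HTTP/1.1 200 OK\r\nServer: Apache\r\nContent-Type: text/html\r\n\r\n"

def parse_headers(raw):
    """Split a raw HTTP response head into (status_line, [(name, value), ...])."""
    lines = raw.replace("\r\n", "\n").split("\n")
    status, headers = lines[0].strip(), []
    for line in lines[1:]:
        if not line.strip():
            break  # a blank line ends the header block
        if line[0] in " \t" and headers:
            # Obsolete folded continuation: append to the previous header value.
            name, value = headers[-1]
            headers[-1] = (name, value + " " + line.strip())
            continue
        name, sep, value = line.partition(":")
        if sep:
            headers.append((name.strip().lower(), value.strip()))
    return status, headers

def find_version_leaks(raw):
    """Return [(header, leaked_token)] for each version exposed in a banner header."""
    _, headers = parse_headers(raw)
    leaks = []
    for name, value in headers:
        if name in BANNER_HEADERS:
            leaks.extend((name, m.group(0)) for m in VERSION_RE.finditer(value))
    return leaks

if __name__ == "__main__":
    for label, sample in (("verbose", SAMPLE_VERBOSE), ("hardened", SAMPLE_HARDENED)):
        print(label, find_version_leaks(sample))
```

Typical fixes are `server_tokens off;` in nginx, `ServerTokens Prod` in Apache httpd and `expose_php = Off` in php.ini. A clean result shows only that the banner is hidden; the patch level behind it is unchanged.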


Significant web assets not protected by WAF


Companies affected: 48%


Websites and apps are targeted by a wide range of attacks—from scraping and DDoS to injections and cross-site scripting. Web Application Firewalls (WAF) have become a must-have for basic protection.


Tip: The emphasis here is on significant. Not every ass ..
