New research from Coalfire has revealed that midsized businesses are outperforming their larger competitors as a result of a security 'sweet spot'.
The firm's first annual Coalfire Penetration Risk Report found that although larger enterprises have bigger budgets and resources, they are not the best prepared to protect against cybercrime.
While large organisations are still the best at protecting themselves against phishing and other social engineering attacks, the report found a cybersecurity sweet spot among midsized businesses which performed best at protecting their assets and mitigating their security risks in tests.
To compile its report, Coalfire performed 300 penetration tests on 148 companies worldwide to discover that despite having the largest cybersecurity budgets, large enterprises are not the most secure overall.
Across both large and small enterprises, though, employees remain companies' biggest weakness, either through human error or by creating opportunities for social engineering attacks.
The financial services industry performed better than tech and cloud firms when it came to cybersecurity. Healthcare had the worst external security posture, while retail performed three times worse than other industries on cyber defences.
Coalfire found that out-of-date software, insecure protocols, misconfiguration and password flaws were the greatest threats to external networks, while insecure protocols, password flaws and patching flaws were the top vulnerabilities in internal networks.
Andy Baratt, UK Managing Director at Coalfire, offered further insight on the firm's research and explained how businesses can improve their IT security, saying:
“Our extensive penetration tests flip the thinking that large enterprises are the most secure, even with significant cybersecurity budgets and investments in staffing and other resources. However, this doesn’t apply to social engineering where large corporates are more secure. Despite bigger companies outperforming their smaller rivals in this area, it’s clear that human error poses the greatest risk to businesses of all sizes. Whether you’re a FTSE 100 company or an SME, the chances are that staff are your cybersecurity Achilles’ heel. By training employees on using strong passwords and being more vigilant at spotting phishing attacks, businesses can significantly increase the strength of their IT security.”
Image Credit: Wright Studio / Shutterstock