UK trumps US when it comes to fixing security issues

null

UK companies are more mindful to cybersecurity than those located in the US, a new study claims.

A report from Outpost24 found that more than three quarters (76 per cent) of organisations in the UK run security tests to understand their key assets and security exposure.

Among US organisations, just 15 per cent are doing the same.  

There are some instances where UK organisations ignored critical security incidents because they didn’t have time, or the skills, to fix it. That happened in 19 per cent of cases, compared to 42 per cent in the US.

Mobile devices are seen as the biggest threat to security, followed by IoT devices, cloud infrastructure and applications. Then, web apps and finally data assets databases and shares.

“Our study once again highlights that many security operations teams are struggling to keep up with the pace as which threats appear and increase in sophistication,” said Bob Egner, VP of products at Outpost24.

 “Unfortunately, in today’s threat landscape no attack is ever the same, cybercriminals are constantly evolving and updating their techniques in a bid to outsmart security teams and the products they use. However, ignoring a critical security incident should never be an option as this is only asking for trouble. The US regularly tops the list of most attacked countries so security professionals should be taking this threat very seriously and doing all they can to minimise their attack surface.”

When it comes to most popular types of attacks, social engineering took the number one spot with 63 per cent of answers, followed by insecure mobile devices (19 per cent), web apps (14 per cent) and the public cloud (four per cent).

“Our survey results suggest that businesses are adding technology as a key element of their strategy but not preparing their security teams with the skills and resources to keep up.  Hackers understand there are key areas of technology which organisations will often overlook in terms of cyber-security and they will target these weaknesses first. A comprehensive security posture covers the full stack - network infrastructure, cloud environments, applications, mobile devices and even people,” continued Egner.

Image source: Shutterstock/BeeBright