Boardish has released a cyber landscape report that summarises the latest changes in the threat landscape. As a tool created for CISOs and cyber professionals who work on quantifying the impact of cyber threats and solutions into financial figures, Boardish has recently moved from beta to production.
The ultimate goal that Boardish wishes to achieve is to simplify the quantification process for CISOs and other cyber professionals, helping them get faster insight into the cybersecurity landscape and impact of new threats and solutions.
With that goal in mind, Boardish has also released a new monthly cyber report.
Their new cyber landscape report shows that the threat landscape has experienced quite a number of changes at the beginning of the year. One thing that they picked up is that there is a link between the three main threat increases that were registered: unpatched machines, ransomware, and data breaches.
The Boardish cyber report places unpatched machines to the very top of cybersecurity issues. This threat experienced the highest increase of 18% after NSA has discovered there is a vulnerability in the Windows 10 systems. The number of machines affected by this vulnerability goes over 900 million, which is more than enough to raise the risk assessment for unpatched machines from medium to high, as it has the potential to be the next nation-state type of attack.
Eternal Blue, the exploit used for the WannaCry ransomware is still affecting machines around the globe. When combined with the number of machines that could potentially be affected and the impact of previous nation-state attacks, any organisation with unpatched machines should treat the risk as a priority.
This leads us to the next threat highlighted by the cyber report: ransomware. It has increased by 11% across all company size categories.
It’s connected to the number of unpatched machines and also the fact that there are numerous other attack vectors for ransomware infections, with phishing being the most popular attack vector.
Ransomware is so popular because it’s the easiest way to get money quickly, but there has been an increase of instances of the ransom NOT being paid, in which case attackers released the data and caused a data breach.
This brings the impact level to maximum. Another interesting finding is that the level of turnover days increased by 15%, and the reason for this is twofold: business systems are more complex, and ransomware attacks are more sophisticated. Ransomware should, therefore, be treated as a top priority threat.
Data breach threat has also increased by 7%, but unpaid ransomware isn’t the main reason. Instead, increased amounts of data were the primary factor in companies with more than 500 employees, as per our cyber landscape report. The data breach risk factor is serious enough to lose market positioning, and coupled with the high-regulation impact, the risk is raised to high.
User error is becoming a more common reason for data breaches, so companies should make sure they are protected not just from external but also internal threats.
The best way to deal with each of these threats can be thoroughly tested in Boardish so that CISOs and other cybersecurity professionals immediately see the effectiveness of solutions and present these in front of the board in financial terms.
For a more detailed insight into the threat landscape, you can download the full cyber report for free here: Boardish Analytical Cyber Reports