Report: Many large companies affected by security vulnerabilities

Attackers often exploit gaps within software supply chains. This is shown by an analysis of the cyber security of the 100 largest companies in Germany.

This article was originally published in German and has been automatically translated.

With the constantly changing threat situation, attackers are increasingly looking for other ways to gain access to companies' systems. They often find loopholes within the software supply chain, but not necessarily directly at the company itself. The majority of the 100 largest companies in Germany were affected by security vulnerabilities at their third-party providers last year. This is according to a report by SecurityScorecard, which assesses the cybersecurity of companies in various sectors.

Factors such as network security, malware infections, endpoint security, regularity of patches, application security and DNS status were assessed. According to the results, 8 percent of the companies surveyed had a security incident in the past year, while 94 percent had a security incident in their "third-party ecosystem".

Cybersecurity assessment by sector of Germany's top 100 companies

(Image: SecurityScorecard)

The worst performers in Germany are communications companies, 57 percent of which received a rating of C or lower. This is followed by the healthcare sector, where 50 percent received a rating of C or below. A rating of A corresponds to the baseline (onefold) risk of cybersecurity threats, followed by B (2.9 times that risk), C (5.4 times), D (9.2 times) and F (13.8 times).

With 20 percent of its companies rated C or lower, the real estate sector has the second-highest cybersecurity rating overall. The utilities industry is the most robust sector in Germany: 17 percent of its companies received a C rating or lower. 20 percent of companies achieved an A rating and had no security incidents.

According to SecurityScorecard, the analysis is based on 15,000 previous security incidents from the "world's largest proprietary dataset" on cybersecurity risks and threats. Around 40 percent of the companies in the report belong to KRITIS: energy, telecommunications, transportation, industry, and healthcare.

Companies from all sectors worldwide are still struggling with the consequences of the MOVEit security vulnerability discovered in the first half of 2023. According to SecurityScorecard, the expected damage amounts to at least 65 billion US dollars. According to the report, the Middle East, North America, the Pacific region and Northern, Western and Central Europe have the highest security ratings.

(mack)