SecurityBrief Asia - Technology news for CISOs & cybersecurity decision-makers
Story image
Software development companies hit hard by cyber crime
Fri, 3rd Dec 2021
FYI, this story is more than a year old

Research carried out by cyber crime experts FoxTech has revealed that among the worst industries at risk of cybersecurity breaches are computer software development companies.

These companies had an average cyber risk score of 166, followed by publishing (152), research (115), transportation, trucking and railroad (111), and civil engineering (102).

The cyber risk score, which is calculated using publicly available information and an analysis of a wide range of cyber security indicators, is an immediate indicator of how high or low the risk of a potential cybersecurity breach is for a company, according to FoxTech.

Companies with scores of 75 or more are at extreme risk of cyber attack, while those below 25 are considered to be low risk.

Anthony Green, CTO and cyber crime expert at FoxTech, explains, “We audited hundreds of companies across a wide range of sectors and found that while industries such as banking (cyber risk score 6) and performing arts (cyber risk score 5) are at very low risk of a potential attack, other industries fell woefully short when it came to ensuring their cyber protection was up to scratch.

However, the issue is not that companies do not care about cybersecurity, but that they are unaware that their IT infrastructure is not robust enough to stave off an attack, Green says.

He says, “In many cases, companies will be entirely unaware that the antivirus or endpoint protection software they have invested in simply isn't robust or far-reaching enough to prevent a cyber attack from occurring.

"Alternatively, companies might be under the misapprehension that they are safe from attack because they have invested in cloud-based services.

"Sometimes, a company can be exposed by something as simple as poorly managed user accounts, software that is out of date or inadvertently leaving their database visible to the internet and therefore exposed to hackers.

On average, hackers will spend 207 days between breaching a company's IT security and exploiting it. Green says this shows that it's a gradual process rather than something that happens overnight.

He says, “The fact that hackers are going undetected for more than half a year tells us that there is time to prevent cyber attacks from occurring and an opportunity to protect companies and their customers on a much higher level - so long as businesses are aware of the potential weaknesses in their systems and how they can fix them, even if a hacker is already gathering what they need.

“The best thing to do for any company is to arrange a cybersecurity audit of their IT systems, process and procedures. This won't necessarily be through their IT provider, but via an independent company that is set up to focus fully on cybersecurity, analysing cyber crimes and data breaches - ultimately an ‘anti-hacker'.