As the world of technology grows ever more complex and cybercriminals become more aggressive and exploitative in their tactics, those in positions of responsibility can no longer rely on the traditional IT security protection wall around their corporate networks to ward off cyber threats. Sooner or later an attacker will find a way in and from there it is a matter of containing the damage as much as possible and maintaining core business processes in order to continue providing customers with products and services. These practices are not sustainable and for us at Greenbone, the future of IT security is cyber resilience.
Cyber resilience is on everyone’s lips – the media, businesses, manufacturers and even governments are talking about this successor to classic IT security with increasing intensity. But what exactly is cyber resilience? How can it be implemented? What distinguishes organisations that are already resistant to cyberattacks? We at Greenbone got to the bottom of these questions with a large-scale global study alongside Frost & Sullivan. The results are now available in a report which you can read here. Below we look at the key objectives and findings of the study:
Core mission of the study: identify resilience characteristics
We have been working intensively in the field of cyber resilience for several years, but what makes it so important? What challenges do organisations in different industries face? Which best practices should the follow? We looked for the answers to these questions as part of the study with Frost & Sullivan. Indeed, one of our main objectives was to identify particularly resilient organisations and analyse what distinguishes them from less resilient ones. In this way, we hope to offer companies concrete recommendations that they can act on in order to make their operations more resilient. We’ll also use what we’ve learned to further develop our proven vulnerability management technology, which we have recently started offering as a managed service.
Discovery of major data leak in the healthcare sector changed focus of the research
The report pays special attention to those organisations that form part of the Critical National Infrastructure (CNI), from water and energy to finance and healthcare. In the event of a cyberattack, CNI organisations have to take into consideration not only economic losses and reputational damage, but they also have to look at how it will impact wider society and, in extreme cases, if human lives are at risk. For example, if medical equipment is compromised or the power supply to a hospital fails, the knock-on effects could be disastrous. We therefore wanted to enhance the study with real-life examples from the CNI sectors.
As we were searching for examples, we revealed something much larger than we could have imagined: a huge data leak in the healthcare sector, with millions of patient records and associated medical images were freely accessible via a weakness in the PACS (Picture Archiving and Communication Systems) servers. No programming or coding knowledge was necessary to access what included complete medical histories with personal data such as the patient’s name, date of birth, and the attending physician, fully visible.
This discovery was so significant, we couldn’t possibly ignore it. We quickly shifted our focus to help restrict free access to this patient data as quickly as possible, working alongside authorities and IT security specialists around the globe. In cooperation with Bayerischer Rundfunk in Germany and the US investigative platform ProPublica, we helped explain the true extent of the problem. So far we have been very successful in removing access to this patent data, yet some 400 PACS systems are still connected to the Internet, making the patient data stored on them accessible to everyone. For this reason, we continue to maintain close contact with the relevant authorities. Our report on the patient data leak can be downloaded here.
A few key findings
In addition to our work in the healthcare sector, we also reviewed organisations from the energy, finance, telecommunications, transport and water sectors in the report. In total, we surveyed 370 organisations with an average of 13,500 employees from the five largest economies in the world: the United States, the United Kingdom, France, Japan and Germany. From this wide-ranging perspective, we were able to obtain answers to our core questions as well as some other interesting findings:
US companies are at the forefront of cyber resilience:
On average, only 36% of the organisations surveyed were highly cyber resilient. The USA scored highest with 50%, European companies came in around the average, and Japanese organisations were at the lowest end of the scale with only 22%.
Transport sector least resistant to cyberattacks:
Across all the countries surveyed, financial and telecoms organisations (46%) were best equipped against cyberattacks. They were followed by the water (36%), health (34%) and energy (32%) sectors, yet only 22% of transport organisations have achieved a high level of cyber resilience.
Understanding business processes is more important than budget considerations:
Whilst it’s true that the cyber resilient organisations we identified have on average a larger profit turnover and a higher IT budget, the detailed analysis in the study revealed that this is by no means decisive. What we discovered is that a fundamental understanding of the business processes and an awareness of business-critical digital resources play a far more crucial role in organisations being cyber resilient.
Eleven characteristics that distinguish cyber resilient organisations:
In our study we were able to identify three groups of characteristics that increase the cyber resilience of organisations by a factor of two, three and six. From this, we developed a “roadmap” with which organisations can increase their level of IT maturity and create a high level of cyber resilience.
https://www.greenbone.net/wp-content/uploads/01_Logo-mit-Schriftzug_500px_on_white_horiz1.jpg00Patricia Meiberthttps://www.greenbone.net/wp-content/uploads/01_Logo-mit-Schriftzug_500px_on_white_horiz1.jpgPatricia Meibert2020-05-25 11:05:582020-05-25 11:05:58New study reveals what cyber resilient organisations do differently
In a world of growing digital complexity, and as technology becomes more ingrained in our everyday lives, hackers and cybercriminals have sought to take advantage of the situation, aggressively going after new vulnerabilities and flaws that have arisen out of this widening sphere of technological adoption. The likes of Advanced Persistent Threats and ransomware attacks have grown in sophistication and frequency, as has the damage they have caused to organisations and individuals alike.
As a result of these new attack vectors, and as organisations grow to rely on technology to keep varied operations running, IT and business leaders have sought to find a new way to protect themselves. This is where cyber resilience plays a crucial part.
I recently ‘sat down’ with The Times/Raconteur to discuss the current state of business risk, the rise of cyber resilience and to look at what organisations can do to become truly resilient. Below is a brief overview of what was discussed and the link to the article is here:
A new type of cybersecurity
The term ‘cyber resilience’ is relatively new – for us, it means that organisations are still able to function and deliver their business services even when facing an adverse cyber incident. Many organisations seek to become cyber resilient yet many of them are falling behind. This is what we learned in our recent report, conducted alongside Frost & Sullivan, which found that only 36% of organisations across six key industries in the US, UK, Germany, France and Japan are considered to be highly cyber resilient.
The report also revealed that understanding what your key business assets are is more important than budgetary considerations. Whilst certainly the cyber resilient organisations we identified tended to have an higher IT budget, the study revealed that this is by no means the final word. In fact, we discovered that having a fundamental understanding and an awareness of business-critical assets plays a far more crucial role in organisations being cyber resilient.
Indeed, our core objective with this report was to identify resilient characteristics so that we can offer companies concrete recommendations about how they can go about becoming more cyber resilient. This in turn will help us develop our proven vulnerability management technology, which we have recently started offering as a managed service.
During the past year, we’ve made considerable progress at Greenbone. We have added virtual machines to our solutions portfolio and have entered into new distribution partnerships to help us target the North American market, amongst others. We have grown our team significantly and continue to recruit. Currently, we are preparing to launch our first cloud-based managed service platform giving companies the choice over whether to deploy our technology as a service, by virtual appliance or by physical appliance, depending on their needs and requirements. Our goal is to always stay one step ahead of attackers and make businesses of all sizes more resilient to cyber attacks through effective resilience and vulnerability management (RVM).
Sophisticated cyber attacks are commonplace, and it’s inevitable that organizations will be targeted by hackers. This means companies need to find a way to remain operational even in the event that they are attacked. Business disruption from cyber attacks are among the greatest risks facing companies today.
Effective RVM plays a crucial role in an organisation’s business continuity planning. To make companies more resilient, our technology enables them to identify, classify and eradicate threats to their infrastructures. We continuously scan the entire enterprise network for weak points and possible attack vectors. At the same time, we help organizations identify and visualize the various risks to their operations, allowing them to prioritize those that threaten their critical business processes and associated assets. Leveraging a high degree of automation and scanning as widely and deeply as possible, we help our customers establish a state of sustainable resilience.
Our customers recognize the benefits of RVM. However, opinions do differ on how the technology is integrated into their own IT environments. And rightly so, after all, every company has its own competencies, preferences and compliance requirements. Our new cloud-based services, together with our more established physical and virtual appliances, will ensure our customer have wider choice over how to deploy and manage their RVM solution.
We also continue to take our responsibility seriously and provide our technology as a transparent, open solution. Critical infrastructures, in particular, remain an important focus of our security research. Last year, our research into vulnerable imaging servers used by healthcare providers all over the world, helped open the sector’s eyes to a considerable yet largely unknown privacy and security risk. Following this research, we helped hundreds of healthcare facilities bolster their defenses and protected the data of millions of patients. We intend to carry on along this path, making the digital world more secure for everyone.
Enormous demand for Vulnerability Management-as-a-service and as a virtual application
We are currently beta testing our new Greenbone Managed Service Platform, and have been for many weeks. From April, we will be able to offer our proven vulnerability management solution as a cloud service, which customers can use for a monthly fee. Smaller businesses, such as local medical practices, will be able to protect their networks quickly and easily, without in-house expertise. For global corporations, managed services are an interesting option as they make it easy to equip new locations with effective vulnerability management without any great expense. We have recruited an entire team of experts to develop and manage these cloud-based services for our customers. They are configuring these services with great care and diligence, and will, of course, pay particular attention to secure data exchange.
Our mid-range Greenbone Security Manager virtual appliances have been available since mid-2019 and have helped us increase revenues from our virtual solutions by almost ten times between 2018 and 2019. Although the greatest control over security data is still offered by physical appliances, confidence in virtualization solutions has grown significantly as they have advanced. As our CEO, Jan-Oliver Wagner, says: “This cross-architecture flexibility helps our customers meet their own requirements for a Resilience & Vulnerability Management solution in a targeted and efficient way.”
New distributors support international growth
Growing customer demand has validated our decision to offer a wider range of virtual appliances.To help meet this demand, we entered into a strategic partnership with the value-added distributor (VAD) ADN in 2019. This complements our long-standing cooperation with Exclusive Networks, which are distributors specializing in physical systems. In the DACH region, we now have strong distribution partners for both our physical and virtual systems.
We are also expanding more and more into the English-speaking world. For example, we recently signed a deal with InfoSec Industries, based in Florida, which gives us increased access to the North American market in particular, but also support in Central and South America.
New colleagues and a bigger HQ
To meet higher demand, we’ve also increased our headcount. Indeed, in 2019, we welcomed 21 new colleagues to the Greenbone team. This additional expertise has helped us to develop the professional service we offer. With the appointment of Elmar Geese as Chief Operating Officer (COO), we have gained a capable leader with a strong entrepreneurial background who will help us evolve our strategy, process optimization and operational controls.
In order to accommodate our rapidly growing team, we have once again significantly expanded our Osnabrück headquarters.
Conclusion: Focus on customer cyber security and more customers
Cyber attacks can have extremely serious consequences. Our mission is to provide companies of all sizes – from local medical practices to international corporations – with effective vulnerability management that is straightforward to deploy and manage. The considerable international demand for our virtual machines and the already substantial interest in our new managed service platform shows that we are on the right track. We will continue to do everything in our power to stay one step ahead of future attacks.
https://www.greenbone.net/wp-content/uploads/01_Logo-mit-Schriftzug_500px_on_white_horiz1.jpg00Patricia Meiberthttps://www.greenbone.net/wp-content/uploads/01_Logo-mit-Schriftzug_500px_on_white_horiz1.jpgPatricia Meibert2020-03-24 19:21:342020-03-24 19:21:34An update from inside of Greenbone: our year of growth