WebsiteGear Logo Log In
New User? Sign Up
About | Contact | FAQ
  Home News Technology Software Products Wednesday, April 25, 2018 
Add Press Release News | News Feeds Feeds | Email This News Email

Protiviti Cybersecurity Lab Tests and Analysis Reveal Companies' IT Systems Still Vulnerable to Exploits and Digital Treachery
Monday, April 16, 2018

Analysis of testing data in U.S. labs finds almost half of organizations' vulnerabilities have publicly available exploit code

Protiviti Cybersecurity Lab Tests and Analysis Reveal Companies' IT Systems Still Vulnerable to Exploits and Digital Treachery

Analysis of testing data in U.S. labs finds almost half of organizations' vulnerabilities have publicly available exploit code

MENLO PARK, Calif., April 16, 2018 /PRNewswire/ -- A new report released today by global consulting firm Protiviti shares the most common digital threats challenging companies today. The report is based on in-depth analyses of vulnerability scans and tests of IT systems and infrastructure at over 500 organizations. The scans and tests were conducted in the firm's cybersecurity labs across the U.S. over the course of a nine-year period. For the study, Protiviti compiled, assessed and quantified the anonymous vulnerability and threat discoveries in the data, which reveals trends in vulnerabilities, exposures and security posture by industry and company size. The Protiviti study, presented in its "2018 Security Threat Report," provides a roadmap for organizations to improve their overall security posture.

"Our hope is that companies will see the results of our study as a wake-up call to the potential vulnerability of their own IT systems and then proactively make the necessary changes to protect the confidentiality, integrity and availability of the key business processes supported by IT operations, as well their sensitive data 'crown jewels,'" said Scott Laliberte, managing director and global security and privacy practice leader at Protiviti.

The firm's analysis of its wealth of testing data from nearly a decade's worth of security scans reveals several key takeaways, including:

    --  Vulnerabilities that can be easily patched are not being fixed in a
        timely manner, particularly within applications
    --  Organizations are still running a significant number of unsupported
        systems, greatly increasing the risk for breaches
    --  There have been consistent challenges with SSL, especially with weak
        ciphers and diversions
    --  Every few years, a major critical exploit comes along that has a
        dramatic impact on the security landscape (e.g. Heartbleed, Shellshock)
    --  Just under half of the vulnerabilities identified during testing have
        publicly available exploit code (as of the time of testing)
    --  Companies in the consumer products; financial services; healthcare and
        life sciences; technology, media and telecommunications; manufacturing;
        and energy industries are the most vulnerable

"Most of the issues we identified in our assessment can be easily rectified by taking a proactive and programmatic approach to cybersecurity," said Laliberte. "By evaluating security posture on a periodic basis and implementing changes to update IT procedures, companies can significantly lower the risks associated with potential security breaches and attacks. Unfortunately, as the threat landscape has become more perilous, it's only a matter of 'when' your organization will get targeted, so we can't overstate the importance of implementing continuous improvement within your security program immediately."

Based on the security scans and analysis, Protiviti has identified five basic security principles that organizations should implement now to reduce the risk of a breach:

    1. Maintain strong permission and user access controls: By periodically
       checking networks and default permissions/credentials, organizations can
       reduce the likelihood of a hacker gaining easy access to a network.
    2. Provide employee security awareness: Inform employees of the latest
       security threats and social engineering techniques, how they can protect
       themselves, and what the organization is doing to mitigate these risks.
    3. Implement a patch management program: Organizations should use automated
       tools to both identify and apply patches within network devices,
       operating systems and applications. For systems that cannot be upgraded
       or patched, compensating controls (e.g., VLAN's or firewalls) should be
       implemented to protect the rest of the network.
    4. Ensure strong system configuration management: Be sure to look into areas
       such as password and audit policies, services, and file permissions, as
       these should be controlled through the configuration management process.
    5. Conduct periodic penetration testing: Penetration testing and ongoing
       vulnerability management across various pieces of IT infrastructure can
       help organizations identify security vulnerabilities and stay up-to-date
       with the latest tricks and techniques attackers are using.

"In addition to data breach preventative measures, organizations and their third-party providers must work on maturing detective controls and response procedures," said Andrew Retrum, a managing director in Protiviti's security and privacy practice. "Activities that simulate common attack patterns should be carried out to determine whether the organization's defenses can detect and respond effectively in real-world situations."

Protiviti compiled the anonymous, aggregated data, and analysis and trends that are presented in the new report by reviewing in-depth security vulnerability scans of IT systems on behalf of more than 500 organizations in a broad range of industries. From 2009 to 2017, Protiviti's security experts were engaged by these organizations to scan their networks, detect vulnerabilities and help fix issues and establish proper mechanisms for monitoring and prevention. The resulting 47-page report is designed to be a practical resource for CIOs and CISOs, while also revealing the issues and challenges that senior management and boards of directors will want to monitor to help safeguard their companies' data and reputations.

Resources Available
The full report of Protiviti's study, along with an infographic and short video, is available for complimentary download at Copies of the report are also available at Protiviti's booth #4912 at the RSA security conference in San Francisco (April 16-19, 2018).

An archived Protiviti webinar exploring the security scans' key vulnerability and threat discoveries is also available for free here.

About Protiviti
Protiviti ( is a global consulting firm that delivers deep expertise, objective insights, a tailored approach and unparalleled collaboration to help leaders confidently face the future. Through its network of more than 70 offices in over 20 countries, Protiviti and its independently owned Member Firms provide clients with consulting solutions in finance, technology, operations, data, analytics, governance, risk and internal audit.

Named to the 2018 Fortune 100 Best Companies to Work For(®) list, Protiviti has served more than 60 percent of Fortune 1000(®) and 35 percent of Fortune Global 500(®) companies. The firm also works with smaller, growing companies, including those looking to go public, as well as with government agencies. Protiviti is a wholly owned subsidiary of Robert Half (NYSE: RHI). Founded in 1948, Robert Half is a member of the S&P 500 index.

Protiviti is not licensed or registered as a public accounting firm and does not issue opinions on financial statements or offer attestation services.

Editor's Note: photos and infographic available upon request.

CONTACT: Kathy Keller, (650) 234-6252,

View original content with multimedia:

SOURCE Protiviti

Email This News Email | Submit To Slashdot Slashdot | Submit To Digg | Submit To | News Feeds Feeds

Nav Airport Security Market to be valued US$16 Billion by 2024 | Apr 25, 2018
Nav FSS Launches Instant Payments to Accelerate Growth of Digital Transactions | Apr 25, 2018
Nav Cashaa Invited to GMTS-Dubai 2018 to Discuss the Future of the Money Transfer Industry | Apr 25, 2018
Nav Inter Voice Over Nominated For Best Voice Over Job Website Globally in the Industry-leading One Voice Awards | Apr 25, 2018
Nav Sapiens Congratulates Integra on Being Named a Celent Model Insurer | Apr 25, 2018
Nav Megaport Supports Hybrid Network Connections to Google Cloud with its Global Software Defined Network | Apr 25, 2018
Nav to Announce First Quarter 2018 Financial Results | Apr 25, 2018
Nav Cengage Integrates Smithsonian Primary Sources into Leading AP® U.S. History Program, The American Pageant, AP Edition | Apr 25, 2018
Nav Carfax Database Hits 20 Billion Records | Apr 25, 2018
Nav Retail Success Celebrates Ribbon Cutting with Open House to Reveal New Headquarters | Apr 25, 2018

Submit News | View More News View More News