Many global organisations can do a lot more to protect their private data and reduce exposure to attacks by hackers.
Calling on organisations to arm themselves better so they can withstand online threats, KPMG’s observation comes as we publish our ‘Cyber Vulnerability Index (CVI),’ which assesses how businesses are leaking data that exposes them to cyber-attacks. The Report is first of its kind.
As a part of the research conducted over a six-month period, our Security Advisory Services team simulated the initial steps that cyber attackers might undertake against the Forbes 2000 List of Global Companies.
All the research was conducted using public domain data without breaching security.
Among the key headlines coming from the CVI is that websites of over three-quarters (78%) of organisations in the Forbes 2000 are leaking data, potentially creating opportunities for cyber attackers.
Other key findings include 71% of the Forbes 2000 companies may be using potentially vulnerable and out-dated versions of Microsoft and Adobe software Technology and that software sectors are most likely to disclose information in metadata in posts to online forums and newsgroups.
About 16% of companies may be vulnerable to attack due to poor patching or the use of out-of-date server software on their websites.
Reduce exposure
Based on the research, it is clear that companies should do more to cleanse the amount of data they leak on the Internet and should spring-clean their public- facing documents of metadata.
The profile of attackers has been changing over the last couple of years.
Today’s cyber attacker is more likely to be a social activist with an axe to grind, rather than financially motivated.
More troubling still has been the perceived rise of state-sponsored hackers who enjoy the luxury of time and seemingly unlimited resources.
Attackers are aiming to gain better access to greater intellectual property.
While it is difficult to stop these types of people, companies can, at the very least, deny them open access to their secrets, which unwittingly, they may have laid bare. Our findings send out a clear message to business, while the Internet may be your window to the world. It can also create a substantial security risk.
Risk factors
It is the technology and software sectors, which are most likely to leave their information exposed in relation to metadata (information about a document or information on its properties) in documents they post to online forums and newsgroups more than all the other sectors combined.
For example, within these sectors, the research uncovered 419,430 possible usernames spread across 2000 sites.
The research found that information disclosure was not confined to just one country or region of the world. Switzerland (40%), Japan (22%) and Spain (9%) were the top three countries that were most open to attack via vulnerable web server software.
In Japan, the banking sector was found to expose the most information that could be useful to cyber attackers, while emerging markets, such as Brazil, China, Thailand and Saudi Arabia are also at risk.
Patching issue
The research team also found that 16% of companies may be vulnerable to attack due to poor patching or the use of out of date server software.
The utilities sector was identified as being the most vulnerable, affected by issues with out-of-date software on their web servers.
As a result, a successful attack on the website could lead to the attacker gaining control of the web server and its content.
Philip Whitmore is Head of Security Advisory Services at KPMG based in Auckland. KPMG is the Sponsor of the Business Excellence in ICT Category of the Indian Newslink Indian Business Awards 2012.
