
Cybercrime profits from $11 to $12 for every $1 spent on security


Cybercrime is already a much bigger market than cybersecurity. Money laundering from cybercrime alone, now around US$200 billion, is much higher than the worldwide cost of cybersecurity, estimated at US$136 billion in 2019. In proportional terms, cybercrime profits come to around $11 to $12 for every $1 spent on security, according to a study by cybersecurity company Tenable.

The financial boom of cybercrime, according to the vendor, is closely related to the exponential increase in vulnerabilities. To give an idea, the number of information security-related vulnerabilities and exposures (CVEs) increased at an average growth rate of 36.6% between 2015 and 2020. The 18,358 CVEs reported just last year represented an increase of 6% compared to the 17,305 registered in 2019 and a 183% increase compared to the 6,487 released in 2015, according to a report by Tenable Research, the security company’s research arm.

According to the study, web browsers such as Google Chrome, Mozilla Firefox, Internet Explorer and Microsoft Edge are the main targets of zero-day vulnerabilities, accounting for more than 35% of all zero-day vulnerabilities exploited in the world. Since browsers are the gateway to the internet, patching this asset is essential for the security of the business network.

The study points out that the drastic changes in the workforce caused by the COVID-19 pandemic, which forced most companies to have their employees work from home, created a brand new set of security challenges, especially for those who use tools like virtual private networks (VPNs), Remote Desktop Protocol (RDP) or videoconferencing applications.

Tenable points out that pre-existing vulnerabilities in VPNs – many of which were first disclosed in 2019 or earlier – remain a preferred target for cyber criminals and groups with political agendas, so protecting them has never been more important. The company warns that organizations that still do not prioritize the correction of these flaws are at extreme risk of being breached.

The report notes, however, that for the average security professional, deciding which of these vulnerabilities should be prioritized is more challenging than imagined, since not all are created equal. As a result, Tenable proposes a risk-based approach to vulnerability management processes.

The director general of Tenable Brasil, Arthur Capella, explains that this approach is similar to the old method of classifying information known as the ABC curve, also called the 80/20 rule, whose objective is to determine which are the most important products of a company. “It is to check those vulnerabilities that are in the most critical assets and have the greatest potential for damage and the probability of occurring in the short term and impacting the business. In other words, it is to focus on these vulnerabilities first and then go on to protect the following ones,” he details.

The executive emphasizes the importance of prioritizing vulnerabilities, especially in larger companies, where there are a very large number of them, many of which, at any given time, do not pose much risk because few exploits exist for them. “Tenable’s tool generates a risk score that analyzes how the movement is on the dark web. It is a data lake with trillions of data, with countless different variables, which uses machine learning, and has a research team that is monitoring to generate this score that will point out the vulnerabilities that are most at risk of being exploited,” he concludes.
