Alert Logic provides managed security services for customers around the world. Monitoring and defending companies of all sizes–from small and midsize businesses (SMBs) to large enterprises–in different regions of the world and across various industries gives Alert Logic direct insight into the tools, techniques, and practices being used by attackers, and enables us to share the current state and trends of the threat landscape.
Alert Logic monitors and reviews a tremendous volume of log messages every day. With data from more than 4,000 customers, Alert Logic analyzed 1.3 petabytes of data to compile the information in the Critical Watch Report 2019. That includes 2.8 million IDS (intrusion detection system) events, and more than 8.2 million verified cybersecurity events.
SMBs Struggle to Stay Secure
One of the key observations we were able to make after analyzing the data is that small and midsize businesses are improving cybersecurity in general and doing a better job of patching vulnerabilities—thanks in large part to automated updates. However, we also discovered that systems that are not up to date are often missing patches that are more than a year old. This is particularly concerning, because leaving critical vulnerabilities unpatched for months has led to many of the biggest cybersecurity incidents in history, including SQL Slammer, the WannaCry ransomware attack, and the Equifax data breach.
In addition to the challenge of keeping systems and applications patched against known vulnerabilities, we also found a number of key insights and takeaways—areas where SMBs should focus if they want to improve their security posture and defend effectively against a shifting and growing threat landscape.
Here’s a look at some of the key findings in the report:
- 75% of missing patches are more than one year old
- 42% of the top security issues for SMBs are related to misconfigured encryption
- 66% of cloud workload configuration issues are a function of weak encryption
- TCP ports 22 (SSH), 443 (HTTPS) and 80 (HTTP) represent 65% of port vulnerabilities
One of the most startling findings in the Critical Watch Report 2019, however, is that 66% of the devices scanned are running a Microsoft operating system version that is currently unsupported or will be out of support by January of 2020. That is a ticking time bomb for organizations. Once the operating system is no longer supported by Microsoft, no further research is done to identify or resolve vulnerabilities, and no new patches are developed to fix flaws in the operating system. Running outdated and unsupported operating systems exposes these SMBs to significant risk. In addition, most regulatory and industry compliance frameworks require that operating systems are patched and up to date, which means that running an unsupported operating system makes compliance impossible.
A Better Way to Protect Against the Threat Landscape
Cybersecurity is challenging even for large enterprises with deep pockets and ample resources. For small and midsize businesses, it can seem daunting. Technology changes quickly and attackers adapt and evolve quickly. The threat landscape is constantly shifting, and it takes focused expertise to effectively defend against attacks and identify and detect malicious activity.
There’s a reason that companies around the world trust Alert Logic with their cybersecurity. We have the platform, intelligence, and expertise necessary to deliver confidence and peace of mind more efficiently and cost-effectively than our customers could by trying to do it themselves.