F-Secure’s new Cyber Security Stress Test helps businesses find and learn to fill gaps in their cyber security.
F-Secure has released a new tool to help businesses learn more about their security posture for European Cyber Security Month. The new Cyber Security Stress Test is a quick online questionnaire that can help companies and employees learn more about the kinds of weaknesses that can expose them to costly data breaches and other risks.
The Cyber Security Stress Test is a 20-question test that IT professionals can use to find gaps in their security strategies. A recent F-Secure survey shows that companies are making investments in solutions that are out of sync with their security priorities, creating a situation where they’re exposing themselves to the very risks they want to avoid*.
For example, 94 per cent of respondents agreed that companies could be targets for cyberattacks – regardless of company the size or industry. In addition, respondents ranked protection against inbound cyberattacks as some of their highest security priorities, with four of the six highest ranked priorities chosen by respondents focused on the prevention of inbound cyberattacks. However, only 31 per cent of respondents said their company had endpoint intrusion detection/prevention measures, which are integral to fighting these attacks.
Erka Koivunen, F-Secure’s cyber security advisor, said this points to a significant disconnection between the investments companies want to make and the protection they are buying. “Today’s attackers are putting serious effort into reconnaissance, and many opportunistic attacks are now being used to gather intelligence for targeted attacks. You have to know your systems better than your adversaries do because you can’t protect something if you don’t know it’s exposed. Just installing security software in a set-and-forget fashion is neglecting the realities of today’s threats, and we see companies pay the price for this all the time.”
The Cyber Security Stress Test covers a range of topics, including things like endpoint protection, network security, and company roles and policies. The test attempts to provide indicators that IT personnel can use to identify problematic yet actionable aspects of their company’s security posture. It gives respondents a simple rating on a scale from one to five, with one indicating a “high” risk and five indicating a “low” risk. It also provides tips that IT managers can use to improve their company’s security.
Koivunen, who created the framework for the test, based it on a well-known capability maturity model so businesses could quickly assess their ability to defend themselves from typical threats that small and medium sized businesses face. “These threats typically seek to pierce perimeter security controls, and fool the users to either install malicious applications or leak sensitive information. There is a body of evidence suggesting that existing endpoint security products are not necessarily utilised to their full potential due to a lack of due-diligence in terms of configuration management. The test seeks to direct attention in that direction.”
Koivunen adds that technical solutions need to be flexible and have several components to ensure they remain effective over time. F-Secure’s Protection Service for Business and Business Suite corporate security products let companies choose different software components to fit their needs, allowing companies to adjust their security posture in response to changes in the threat landscape.
About F-Secure
F-Secure has been defending tens of millions of people around the globe from digital threats for over 25 years. Our award-winning products protect people and companies against everything from crimeware to corporate cyberattacks, and are available from over 6000 resellers and 200 operators in more than 40 countries. We’re on a mission to help people connect safely with the world around them, so join the movement and switch on freedom!
Founded in 1988, F-Secure is listed on NASDAQ OMX Helsinki Ltd.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.