F-Secure’s new Cyber Security Stress Test helps businesses find and learn to fill gaps in their cyber security
F-Secure has released a new tool to help businesses learn more about their security posture for National Cyber Security Awareness Month. The new Cyber Security Stress Test is a quick online questionnaire that can help companies and employees learn more about the kinds of weaknesses that can expose them to costly data breaches and other risks.
The Cyber Security Stress Test is a 20-question test that IT professionals can use to find gaps in their security. A recent F-Secure survey shows that companies are making investments in solutions that are out of sync with their security priorities, creating a situation where they’re exposing themselves to the very risks they want to avoid.*
For example, 94 percent of respondents agreed that companies can be targets for cyberattacks – regardless of company size or industry. And respondents ranked protecting against inbound cyberattacks as some of their highest security priorities, with four of the six highest ranked priorities chosen by respondents focused on the prevention of inbound cyberattacks. But only 31 percent of respondents said their company had endpoint intrusion detection/prevention measures, which are integral to fighting these attacks.
Erka Koivunen, F-Secure Cyber Security Advisor, said this points to a significant disconnect between the investments companies want to make, and the protection they’re buying. “Today’s attackers are putting serious effort into reconnaissance, and many opportunistic attacks are now being used to gather intelligence for targeted attacks. You have to know your systems better than your adversaries do because you can’t protect something if you don’t know it’s exposed. Just installing security software in a set-and-forget fashion is neglecting the realities of today’s threats, and we see companies pay the price for this all the time.”
The Cyber Security Stress Test covers a range of topics, including things like endpoint protection, network security, and company roles and policies. The test attempts to provide indicators that IT personnel can use to identify problematic yet actionable aspects of their company’s security posture. It gives respondents a simple rating on a scale from one to five, with one indicating a “high” risk and five indicating a “low” risk. It also provides tips that IT managers can use to improve their company’s security.
Koivunen, who created the framework for the test, based it on a well-known capability maturity model so businesses could quickly assess their ability to defend themselves from typical threats that small and medium sized businesses face. “These threats typically seek to pierce perimeter security controls, and fool the users to either install malicious applications or leak sensitive information. There is a body of evidence suggesting that existing endpoint security products are not necessarily utilized to their full potential due to a lack of due-diligence in terms of configuration management. The test seeks to direct attention in that direction.”
Koivunen adds that technical solutions need to be flexible and have several components to ensure they remain effective over time. F-Secure’s Protection Service for Business and Business Suite corporate security products let companies choose different software components to fit their needs, allowing companies to adjust their security posture in response to changes in the threat landscape.
*Source: The survey was run from April 26 to May 16, and collected data from 1780 respondents in Germany, France, Poland, Norway, Denmark, Sweden, Finland, and the UK.