- Forbes 2000 companies analysed for cyber resilience
- UK performs well in KPMG Cyber Vulnerability Index
Many global organisations can do a lot more to protect their private data and reduce exposure to attacks by hackers, according to KPMG. Calling on organisations to arm themselves better so they can withstand online threats, KPMG’s observation comes as the consultancy publishes its ‘Cyber Vulnerability Index’ – a first-of-its-kind report assessing how businesses are leaking data that exposes them to cyber attacks.
As part of the research, over a six-month period, KPMG’s Cyber Response team simulated the initial steps would-be cyber attackers might undertake against the Forbes 2000 list of global companies. All the research was conducted using public domain data without breaching security.
Among the key headlines coming from the Cyber Vulnerability Index is the news that websites of over three-quarters (78 per cent) of organisations in the Forbes 2000 are leaking data, potentially creating opportunities for cyber attackers. However, the UK stood out as a country that is relatively well protected compared to its international counterparts – not even featuring in the top 10 most vulnerable countries.
Other key findings include:
- Technology and software sectors are most likely to disclose information in metadata in posts to online forums and newsgroups
- 16 per cent of companies may be vulnerable to attack due to poor patching or the use of out-of-date server software on their websites
Reduce your company’s exposure
Based on the research, it is clear that companies should do more to reduce the amount of data they leak on the internet and should spring-clean their public-facing documents of metadata. Martin Jordan, Director of Information Protection, comments: “The world of cyber security has been tilted on its axis over the past two years – from the actions of hacktivists and associated groups – through to state sponsored agencies with seemingly unlimited resources.
“Attackers are aiming for an increased competitive edge or to gain better access to greater intellectual property – whatever their level of sophistication. While it’s difficult to stop these groups, companies can, at the very least, deny them ‘open all areas’ access to their secrets which, unwittingly, they may have laid bare.
“Our findings send out a clear message to business – while the internet may be your shop window to the world – it can also be a substantial security risk as well.”
Tech and software sectors: at risk
It is the technology and software sectors which are most likely to leave their information exposed in relation to metadata (information about a document or information on its properties) in documents they post to online forums and newsgroups – more than all the other sectors combined. For example, within these sectors, the research uncovered 419,430 possible usernames spread across the 2,000 sites.
Heat map of the world: countries most at risk
The research found that information disclosure was not confined to just one country or region of the world. Switzerland (40 per cent), Japan (22 per cent) and Spain (9 per cent) were the top three countries most open to attack via vulnerable web server software. In Japan, the banking sector was found to expose the most information that could be useful to cyber attackers. Emerging markets, such as Brazil, China, Thailand and Saudi Arabia, are also at risk.
Patching is still an issue
The research team also found that 16 per cent of companies may be vulnerable to attack due to poor patching or the use of out-of-date server software. Indeed, the utilities sector was identified as the sector most affected by out-of-date software on its web servers. A successful attack on such a website could lead to the attacker gaining control of the web server and its content.
Mike Petrook, KPMG Press Office
020 7311 5271 (t), 07917 384 576 (m) or firstname.lastname@example.org
Notes to Editors:
KPMG LLP, a UK limited liability partnership, is a subsidiary of KPMG Europe LLP and operates from 22 offices across the UK with over 11,000 partners and staff. The UK firm recorded a turnover of £1.7 billion in the year ended September 2011. KPMG is a global network of professional firms providing Audit, Tax, and Advisory services. We operate in 152 countries and have 145,000 professionals working in member firms around the world. The independent member firms of the KPMG network are affiliated with KPMG International Cooperative ("KPMG International"), a Swiss entity. KPMG International provides no client services.