Security Differences by Industry

Friday, September 25, 2015 @ 01:09 PM gHale

Security performance in the critical energy and utilities sector is trending in the wrong direction, a new report said.

In addition, despite headlines to the contrary, the federal government is a high-performing sector second only to finance, according to a report from BitSight Technologies, which analyzed the security ratings of nearly 10,000 organizations in six industries: finance, federal government, retail, energy and utilities, healthcare and education. The objective was to highlight quantifiable differences in security performance across industries from August 1, 2014 to August 1, 2015.

One other finding held regardless of industry: POODLE (the padding-oracle attack against SSLv3, CVE-2014-3566) and FREAK (the downgrade to export-grade RSA key exchange, CVE-2015-0204) remain widespread.

BitSight used publicly accessible data to rate companies’ security performance on a daily basis. Observed security events and configurations, such as communication with a botnet, malware distribution and email server configuration, are assessed for severity, frequency and duration and used to generate objective Security Ratings.

Ratings range from 250 to 900, with higher ratings equating to higher security performance. Industry ratings are calculated as a simple average of the BitSight Security Ratings of the companies in that sector.

Energy and utilities perform lower than retail:
• Over the past year, researchers noted a dip in the performance of energy and utility companies, with the average rating in this sector being 652.
• This is higher than the healthcare sector, which averages a 634 rating, but below the data-breach-headline-grabbing retail sector, which averages 684.

The Federal Government, in the spotlight in the wake of the OPM mega breach, is the second highest performing sector:
• Analysis of federal government entities shows many are performing well when it comes to overall security performance.
• The average rating for the federal government sector was 688, while the average rating for finance, the top performing industry, was 716.

While companies across all industries have mostly updated their servers to protect against Heartbleed, many have failed to act when it comes to POODLE and FREAK:
• Vulnerability rates for FREAK range from 30 percent in finance to 75 percent in education, meaning that even in the best-performing sector roughly one in three finance organizations is still vulnerable to FREAK.
• 79 percent of the federal government entities analyzed were vulnerable to POODLE, as were 90 percent of higher education institutions.
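The report counts an organization as exposed when its servers still accept what these two attacks depend on: an SSLv3 handshake with a CBC cipher suite (POODLE) and export-grade RSA cipher suites (FREAK). The probe below, an added example that is not BitSight's methodology or code from the article, checks a server for both conditions by sending a hand-built ClientHello and reading the first record that comes back. It speaks the record layer directly because current OpenSSL builds refuse to negotiate SSLv3 or export suites, so `openssl s_client -ssl3` is often unavailable as a test tool. Host, port and timeout are parameters you supply; the cipher suite identifiers are the standard IANA values.

```python
"""Probe a TLS server for SSLv3+CBC (POODLE) and export RSA suites (FREAK).

Added example, not code from the BitSight report or the article.
"""
import os
import socket
import struct

SSLV3 = 0x0300
TLS10 = 0x0301

# Standard IANA cipher suite identifiers.
CIPHER_NAMES = {
    0x0003: "TLS_RSA_EXPORT_WITH_RC4_40_MD5",
    0x0006: "TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5",
    0x0008: "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA",
    0x000A: "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
    0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA",
    0x0035: "TLS_RSA_WITH_AES_256_CBC_SHA",
}
EXPORT_RSA_SUITES = [0x0003, 0x0006, 0x0008]   # what FREAK needs the server to accept
CBC_SUITES = [0x002F, 0x0035, 0x000A]           # POODLE needs SSLv3 with a CBC suite


def build_client_hello(version, cipher_suites):
    """Return one TLS record carrying a minimal ClientHello (no extensions)."""
    suites = b"".join(struct.pack("!H", s) for s in cipher_suites)
    body = (
        struct.pack("!H", version)
        + os.urandom(32)                            # client random
        + b"\x00"                                   # empty session id
        + struct.pack("!H", len(suites)) + suites
        + b"\x01\x00"                               # one compression method: null
    )
    handshake = b"\x01" + struct.pack("!I", len(body))[1:] + body  # type + 3-byte length
    return b"\x16" + struct.pack("!HH", version, len(handshake)) + handshake


def parse_server_response(data):
    """Classify the first record a server sends back to our ClientHello."""
    if len(data) < 5:
        return {"type": "unknown"}
    content_type, _rec_version, rec_len = struct.unpack("!BHH", data[:5])
    payload = data[5:5 + rec_len]
    if content_type == 0x15 and len(payload) >= 2:                 # Alert
        return {"type": "alert", "level": payload[0], "description": payload[1]}
    if content_type == 0x16 and len(payload) >= 39 and payload[0] == 0x02:  # ServerHello
        # handshake header(4) + server_version(2) + random(32) + session_id_len(1)
        version = struct.unpack("!H", payload[4:6])[0]
        off = 39 + payload[38]
        if len(payload) >= off + 2:
            cipher = struct.unpack("!H", payload[off:off + 2])[0]
            return {"type": "server_hello", "version": version, "cipher": cipher}
    return {"type": "unknown"}


def accepted_offer(response, version, offered):
    """True only if the server answered with our version and one of our suites."""
    return (response["type"] == "server_hello"
            and response["version"] == version
            and response["cipher"] in offered)


def probe(host, port, version, cipher_suites, timeout=5.0):
    """Send one ClientHello and return the parsed first response record."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            sock.sendall(build_client_hello(version, cipher_suites))
            data = b""
            # Read until the full first record (5-byte header + declared length) is in.
            while len(data) < 5 or len(data) < 5 + struct.unpack("!H", data[3:5])[0]:
                chunk = sock.recv(4096)
                if not chunk:
                    break
                data += chunk
    except OSError:
        return {"type": "no_response"}
    return parse_server_response(data)


def check_poodle(host, port=443):
    """POODLE exposure: server completes an SSLv3 handshake with a CBC suite."""
    return accepted_offer(probe(host, port, SSLV3, CBC_SUITES), SSLV3, CBC_SUITES)


def check_freak(host, port=443):
    """FREAK exposure: server picks an RSA_EXPORT suite when only those are offered."""
    return accepted_offer(probe(host, port, TLS10, EXPORT_RSA_SUITES), TLS10, EXPORT_RSA_SUITES)


if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else "localhost"
    print(f"{target}: SSLv3 with CBC suite accepted (POODLE): {check_poodle(target)}")
    print(f"{target}: export RSA suite accepted (FREAK): {check_freak(target)}")
```

Two caveats when reading the result. A server that answers the SSLv3 probe with a handshake_failure alert (description 40) has SSLv3 disabled or no common suite, which is the remediation; a server that answers with an SSLv3 ServerHello but an RC4 suite would not show up here, yet SSLv3 should still be turned off. For FREAK the probe offers only export suites, so any ServerHello selecting one is a positive, independent of what the server prefers when stronger suites are available.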