Adrian Johnson
“`html
TLDR:
- RSM cybersecurity report finds only 1.6% of organizations had no vulnerabilities
- Main vulnerabilities identified include poor digital identity management, network misconfigurations, missing software patches, and human error
Key Points:
Only 1.6% of organizations analyzed had no cyber vulnerabilities, with an average of around eight vulnerabilities identified in each organization. Major vulnerabilities were found in one-third of tests.
The main sources of security issues identified in the report were poor digital identity management, poor network configuration and architecture, missing critical software patches, and human error.
Digital identity management issues included excessive account privileges, default passwords, and weak password policies, with 19.5% of organizations having vulnerabilities in this area. Missing software patches were found in 51% of internal tests, with Microsoft vulnerabilities being particularly relevant. Unsupported technology vulnerabilities were identified in 40.9% of tests.
Network misconfigurations were a leading cause of vulnerabilities, with 97.7% of tests showing at least one configuration management vulnerability. In terms of human error, 34.6% of tests showed user awareness vulnerabilities.
The report emphasized the importance of strong cybersecurity practices in digital identity, configuration management, vulnerability and asset management, architecture, and user awareness and training to protect against cyber-attacks.
“`
