Vulnerability Report 2021: Only progress in cyber security


For years, HiSolutions has published its annual findings on the cybersecurity situation in companies and authorities in its vulnerability report. The current 2021 report shows a positive development, which nevertheless calls for a critical assessment.

Cyber security has become one of the top topics on the agenda of companies and authorities around the world in recent years. As digitization progresses, a critical look at IT security is becoming increasingly important. Legal requirements, competitive pressure and, above all, economic interests force companies to deal intensively with the question of where their systems can be attacked, what consequences vulnerabilities can have and how they can be effectively eliminated.

Vulnerability Report 2021 shows the deficits

With the vulnerability report, HiSolutions puts its finger on the sore spot. Since 2013, the consulting specialist for security and IT management has been showing precisely which problems occurred more frequently in the past year and how serious they were. The underlying data comes from a systematic evaluation of the aggregated penetration tests that HiSolutions carried out on behalf of customers in one year. A trend in the security situation can also be derived by comparing the results with those of the vulnerability reports from the past few years.

The assessment of IT security in the past year results from a total of 89 penetration and vulnerability tests that HiSolutions carried out in 2020 for companies and authorities.

Basis: Almost 90 vulnerability tests

Development of criticality from 2013 to 2020: 11 percent of critical weak points are fewer, but not good (Image: HiSolutions).

In evaluating and presenting the test results, HiSolutions follows the "OWASP Top 10". In it, the "Open Web Application Security Project" identifies the 10 most serious weaknesses in web applications in terms of frequency and impact. However, since the OWASP criteria only partially coincide with the findings and test objectives of the vulnerability report, HiSolutions adds four further categories. In the report, vulnerabilities are classified into four categories based on their severity: Critical, High, Medium and Low.

In summary, the 2021 Vulnerability Report shows at first glance a positive development in cyber security compared to the previous year. It is true that the number of vulnerabilities classified as medium and low has increased. However, the increase is accompanied by a measurable decrease in critical and high security gaps. In the overall evaluation, however, HiSolutions warns against interpreting this result as a fundamental improvement in the security situation in companies and authorities. Rather, it can be assumed that the special circumstances of the Covid-19 pandemic are reflected in the results.

Covid-19 circumstances clearly visible

Development of the criticality of the findings by category compared to the previous year (Image: HiSolutions).

Internal penetration tests are of particular importance for testing IT security in companies and authorities. They simulate an intrusion into an IT infrastructure, which can cause a lot of damage and against which companies are in many cases not adequately protected. Due to the measures accompanying the pandemic, such as lockdowns, travel restrictions and the relocation of business operations to the home office, many vulnerability tests in 2020 were carried out in an alternative way that is not completely comparable with the conventional type of test. Where HiSolutions carried out penetration tests on site, there was no significant improvement in the security situation compared to the previous year. The complete HiSolutions Vulnerability Report 2021 is available online for free download.



About HiSolutions

HiSolutions AG is one of the most renowned specialists for security and IT management in German-speaking countries. For more than 25 years we have been combining highly specialized know-how in the areas of IT service management and information security with design strength, innovation and implementation skills. Around 250 employees support small, well-known medium-sized and large institutions from almost all industries as well as from public administration in the federal, state and local governments in using the opportunities of digital change for themselves and in mastering the associated risks.


 
