1 July 2022 / 6 minutes reading time
Over the years, Citadelo has performed thousands of security assessments and penetration tests globally. This first-hand testing experience and the extensive sample size have allowed us to gain unique insights into the current state of cyber security and the prevalence of various vulnerabilities across different types of IT projects.
In 2021, the statistics we gathered from our own first-hand testing of 275 projects revealed a total of 2,677 vulnerabilities of varying criticality. Half of the projects tested suffered from at least one critical vulnerability, and medium- or high-risk vulnerabilities were found in nearly every project tested.
These results confirm the absolute necessity of comprehensive penetration testing for any IT project, regardless of industry. The frequency and sophistication of cyber-attacks are constantly on the rise, and penetration testing and full-stack security assessments are more crucial than ever in 2022.
In Citadelo's penetration testing and full-stack security analysis, we identify the full range of project risks, from suggested best practices to critical vulnerabilities. We use five risk levels to categorize the vulnerabilities we identify, from lowest to highest risk: Note, Low, Medium, High and Critical.
Note-level findings made up the largest share of vulnerabilities identified, at 48% (1,282 of 2,677). These findings are still highly advisable to resolve, but they do not present an immediate threat to a project. Critical findings, on the other hand, made up only about 5% of the vulnerabilities identified (148 of 2,677). However, each of them represents an immediate threat to the project and must be remedied as quickly as possible.
The following table gives a full overview of the tests performed by Citadelo in 2021, broken down by risk level and project type (number of vulnerabilities found):
Overall results

| Risk level | Web | API | Mobile | Infra | Cloud | Combined | Other | Total |
|---|---|---|---|---|---|---|---|---|
| Note | 631 | 67 | 196 | 115 | 55 | 174 | 44 | 1282 |
| Low | 232 | 24 | 43 | 62 | 118 | 120 | 36 | 635 |
| Medium | 125 | 13 | 22 | 32 | 50 | 84 | 20 | 346 |
| High | 89 | 10 | 15 | 19 | 55 | 58 | 20 | 266 |
| Critical | 54 | 4 | 3 | 21 | 14 | 42 | 10 | 148 |
| Total vulnerabilities | 1131 | 118 | 279 | 249 | 292 | 478 | 130 | 2677 |
| Number of projects | 118 | 22 | 24 | 32 | 18 | 41 | 20 | 275 |
Citadelo provided penetration testing and security audits for a wide range of industries in 2021. The largest share of projects (35%) fell under the broadly defined Technology sector, with clients from the field of Finance not far behind at 33% of all projects tested. The remaining sectors were fairly evenly distributed, each making up between 3% and 7% of all projects tested.
The 2,677 vulnerabilities we found present a snapshot of the current state of cybersecurity and of the importance of penetration testing in 2022. While less serious findings made up the vast majority of vulnerabilities, the 148 critical vulnerabilities discovered could have had catastrophic consequences had they not been immediately remedied.
Above all, our data highlighted one important common theme: whenever the importance of security or penetration testing is overlooked or underestimated, more vulnerabilities inevitably emerge. Whether it is an internal infrastructure application assumed to be safe because it is not connected to the Internet, or a cloud service application whose owners assume the internal audits of their providers are sufficient, the overarching lesson from this data is that you can never be too careful. Comprehensive penetration testing from an experienced agency such as Citadelo is an essential component of any security solution, and its importance will only increase in the years to come.
Download the full report with all of our statistics and analysis here.
To take your project’s security to the next level, get in touch, and we’ll get our hackers on the case ASAP: [email protected].