The Synack 2020 Trust Report
If one thing could be said for 2020, it’s that trust is more valuable than ever. We are craving the ability to trust the world around us again. Trust is crucial.
The 2020 Trust Report is Synack’s essential guide for CISOs, CIOs, security practitioners, C-suite and board executives to understand how different industries and sectors of the economy measure up when it comes to security preparedness. The report is grounded in data from Synack’s patented Attacker Resistance Score (ARS)™ Metric and draws information directly from the Synack Crowdsourced Security Platform based on thousands of security tests run from 2019 through July 2020. Twenty-eight percent of the vulnerabilities discovered by the Synack Red Team, the community of ethical hackers working on the Synack platform, were considered high or critical. Synack leads the industry in finding the most critical and dangerous vulnerabilities in customers’ digital assets and apps, giving them the insight necessary to prevent attacks.
The global pandemic has put even more pressure on CISOs and other security professionals, a group that was already stretched thin to address the security implications of the digital transformation. As consumers rushed to adopt work-from-home platforms and video conferencing apps, they expected — and demanded — that companies would protect their security and privacy. Brands that couldn’t maintain that trust faced real and measurable consequences.
The 2020 Synack Trust Report is a must-read for any security professional who has ever been asked by their C-Suite, CEO, or Board: “Can I trust our digital systems?”
According to Michael Coden, Global Leader Cybersecurity Practice, BCG Platinion, Boston Consulting Group, the cybersecurity of your organization’s digital assets is as important as the health of your body. Sharing insight from his forward, according to Coden, Ninety-eight percent of US citizens have not been infected by COVID-19. If you are one of the 2 percent who have been, you have suffered. Ninety-seven percent of the US citizens who have been infected with COVID-19 have fully recovered; however, 3 percent have not. The probability your company will suffer severe damages from a cyberattack is small – but if it does happen, the repercussions can be devastating.
Read on to learn how the most trusted brands in the world measure their risk. The Synack 2020 Trust Report is your guide for measuring the value of security amid uncertainty.
Synack’s proprietary Attacker Resistance Score (ARS) Metric is a measurement of how hardened your assets are against an attack. The overall ARS metric provides a comprehensive view of the applications susceptibility to attack based on a patented algorithm developed and validated by Synack’s data science team.
Synack calculates a unique ARS between 0 and 100 for every asset, assessment and organization it tests. The calculation takes into account attacker cost, severity of findings, and remediation efficiency. The higher the ARS, the more hardened assets are against attack. Basically a high ARS means that it would take significantly more skill and time to breach that asset. Too much time and skill to make it a target for most malicious attackers. Some good news for 2020, Government, Financial Services, Healthcare and Technology sectors all scored above average.
Trust + Healthcare
First let’s take a look at the different sectors. The Healthcare industry’s security has been impacted by COVID-19 on varying levels. How did it fare in our Trust Report? Really well considering the circumstances. The Attacker Score Metric for Healthcare dropped back to 56 in 2020 after a four-point uptick to 60 in 2019. The strong 2019 ARS number was because leading hospitals and healthcare companies prioritized data security alongside HIPAA requirements. This increased attention on security resulted in more hardened healthcare assets – brilliant in hindsight with what unknowingly lay ahead. This security robustness was critical in minimizing the impacts and negative effects from the tornado of COVID-19. The sector has been under tremendous pressure to maintain a vigilant approach to security throughout the COVID-19 pandemic especially as many organizations deployed applications designed to aid with the recovery. Trust in hospitals and healthcare companies has perhaps never been more important than it is today with our recovery from this pandemic depending on continuity of services including care and testing, and eventually public confidence in vaccines. Globally, law enforcement agencies reported an increase in attempted cyber attacks on hospitals, yet actual a breaches are down – a key indicator that thorough security testing is having an impact.
Trust + Government
Earning the highest rating, the Government sector is clearly leading with an overall ARS of 61. The chaos of dealing with a global pandemic in 2020 has certainly added new hardship to many Government bodies, but security hasn’t necessarily suffered as many agencies have become more innovative and agile. Their ability to quickly remediate vulnerabilities drove this year’s top ranking. Over the past year, these agencies collectively reduced the time to fix flaws by 73 percent. Those organizations with higher ARS scores are more protected against hacks.
Synack has worked with government agencies, often deploying within 24 hours, throughout the pandemic to marshall the Synack Red Team, our community of the world’s best ethical hackers, coupled with smart technology to ensure fast and efficient testing. Many of their assets were critical to the pandemic response, thus helping our nation perform vital functions. The government set a new pace for testing, finding, fixing and retesting (patch verification).
Trust + Financial Services
In spite of the massive operational undertaking to shift operations from office buildings to Zoom chats, Financial Services had the second highest ARS this year coming in at 59, just behind Government. With a shift to remote work for critical parts of financial service organizations, like customer support, the sector adapted quickly to help employees adjust to their new remote work realities. Security served as a business enabler by ensuring both customers and employees could continue doing business securely in the completely remote environment. Continuous security testing played a significant role in the sector’s higher ARS.
Trust + Manufacturing and Critical Infrastructure
Other sectors faced a tougher year. The ARS for Manufacturing and Critical Infrastructure dropped to 45 in 2020 from 70 in 2019. Within this sector organizations did score as high as 90 and many of the highest scoring organizations are using a continuous approach to testing. Synack customers put a premium on security testing, while proactively analyzing new assets and digital applications. When it’s lower, organizations face greater risk. With hand sanitizer, toilet paper, food and even RVs in short supply, this segment has been in the eye of the recent storms. Manufacturing and Critical Infrastructure have been under tremendous pressure due to rapid shifts needed to comply with guidelines to reduce the spread of COVID-19 and that strain is evident as they continue to face a constant barrage of attacks. The goal is not to achieve the highest score and then move on, but to continuously measure how well new technologies and assets can withstand attacks. As more and more equipment comes online and more systems are being managed remotely, vulnerabilities will be introduced and ARS scores will be challenged. If an ARS score periodically drops, these organizations should prioritize rapidly addressing new issues so they are then better positioned to defend themselves to future malicious attackers.
Trust is Fragile. Protecting it is Critical
Throughout the pandemic, CISOs have focused on ensuring core business operations aren’t interrupted by attacks. In fact, 70 percent of organizations surveyed this Spring said they planned to spend more money on cybersecurity. At the same time, business leaders are looking more to the cloud as an essential part of their operations. The Boston Consulting Group found that 45 percent of companies surveyed expected migrating apps to the cloud to be a major priority over the next year or two.
Consumers want to trust the brands they rely on every day. Ironically at times like this when healthcare, government, and all industries are under tremendous pressure to keep up, confidence is low, and people need to trust more than ever. Without it, the best brands will struggle in the market and institutions can’t perform vital functions like providing health services or even carrying out the upcoming US elections. Trust is paramount across all aspects of society — and maintaining it in the face of increasingly severe digital threats is a daunting task.
That’s the CISO’s mandate. The ARS is the insight they need to ensure organizations are secure, avoid costly breaches and vulnerabilities, protect their customers and partners and maintain lasting trust and loyalty.
For the full report download click here.
