F-Secure launches stress test to detect security holes in enterprise networks

[FlyOnTheWall]

F-Secure launches stress test to detect security holes in enterprise networks

The Cyber Security Stress Test helps businesses discover and fill in holes in cybersecurity practices and strategies.

By Charlie Osborne for Zero Day | October 20, 2015 -- 10:34 GMT (03:34 PDT) | Topic: Security

F-Secure has launched the Cyber Security Stress Test to assist businesses in organizing their security strategies and finding weak points which can be plugged before cyberattackers have the chance to exploit them.

Announced on Monday as part of Cybersecurity Awareness Month, the security firm said the free questionnaire could help "companies and employees learn more about the kinds of weaknesses that can expose them to costly data breaches and other risks."

The 20-page questionnaire is aimed at IT professionals and covers a range of topics including endpoint protection, network security as well as company roles and policies.

When information is submitted, the tool rates a businesses' security standing through risk ratings, forcing departments to take a more objective standpoint on company security. F-Secure also provides assistance and advice in improving security strategies.

Ramping up security efforts should now be a top priority for small, medium and large businesses alike. High-profile cyberattacks are on the rise worldwide and there is a skill shortage which means companies can find it difficult to effectively protect their networks.

According to the Ponemon Institute, the average cost of a data breach in the United States is $6.5 million -- but a company cannot adequately protect itself unless the firm knows where the weak spots are in the first place.

See also: How to launch an effective Red team enterprise hack

Erka Koivunen, F-Secure's cyber security advisor, says the tool can expose disconnects between investments companies want to make -- and the protection, or lack thereof, they are actually buying.

Koivunen, the developer of the test, says the framework was built around typical threats which businesses face, ranging from perimeter penetration to malicious applications and data leaks.

"Today's attackers are putting serious effort into reconnaissance, and many opportunistic attacks are now being used to gather intelligence for targeted attacks," Koivunen said.

"You have to know your systems better than your adversaries do because you can't protect something if you don't know it's exposed. Just installing security software in a set-and-forget fashion is neglecting the realities of today's threats, and we see companies pay the price for this all the time."