Hacker focus on exploiting certain high-risk vulnerabilities creates enhanced need for security validation


The shift to work-from-home (WFH) over the past year has prompted a logical shift in hackers' vulnerability exploit targets, including Citrix’s Application Delivery Controller (ADC), reportedly for the first time. Though the data point is important, Recorded Future points out that often less than 1% of vulnerabilities have been weaponized within the past month or year. According to the report, “As such, it is imperative that security professionals know which vulnerabilities that impact a company’s technology stack are included in exploit kits, used to distribute ransomware, a remote access trojan (RAT), or are currently being used in phishing attacks”.



The report highlights the importance of security rationalization and validation—assessing and understanding the controls that are working (and thus delivering desired security) and those that are not. Yet the security budget is an area of both potential overspend and underspend. Many companies have poorly optimized budgets. According to Mandiant, companies only use on average 25 percent of the full utilization capacity across all tools in their security stack, resulting in significant waste and redundancies.

In a world of constrained budgets, security validation is critical for companies to:

  • optimize security spend,
  • improve cyber performance,
  • decrease the likelihood of suffering an attack, and
  • lower the downside financial risks associated with poor cybersecurity.

The report highlights the importance of directing security resources not just towards critical vulnerabilities generally but towards the vulnerabilities that pose the highest risks. This means limited staff time and money should be allocated to the highest-risk areas.

But how are ‘high’ risk issues defined? It requires not just an internal security view but an outside-in view—the view from outside the corporate network to the inside through a CyFi® (Cyber-Financial) lens. Only a combined inside-out and outside-in view provides clear guidance on where to allocate resources for maximum security returns.
