Press Release

Fastest Growing Companies Keep Pace Managing Cyber Risk, but Blind Spots Remain According to NormShield Cyber Risk Scorecard Research

Cyber Risk Scorecard

Small Business Week Survey Finds 50% of Top Growing Businesses Expose Users to Risk of Phishing Attacks

ARLINGTON, VA, May 10, 2019 – The 50 fastest growing companies in the U.S. all earn above average cybersecurity risk scores, but half fail to protect their customers, partners, and employees from phishing risk, NormShield, the only provider of standards-based cyber risk assessment and mitigation tools, revealed today.

To get a sense of the state of small business cybersecurity during Small Business Week, NormShield ran its 60-second Rapid Cyber Risk Scorecard (available for free on NormShield.com) on Inc.’s top 50 fastest growing companies. The scorecard reviews 10 cyber risk categories and more than 250 control items to produce a risk score that can be instantly used for evaluation of suppliers and cyber insurance customers.

Researchers found that the top 50 companies have a fairly good handle on their cybersecurity with 37 scoring a B or higher on their scorecards. On average, organizations tend to get a C grade.  However, a deeper dive into the research found the following vulnerabilities:

  • Phishing: Half of the fastest growing companies had trouble combating fraudulent domains, scoring a C or worse. In addition, those with poor email security configurations are more likely to be victimized by sophisticated phishing attacks from threat actors who register domain names similar to those of a legitimate business or service in order to persuade victims who already trust a company’s brand.
  • Out-of-Date Software: Nearly 1 in 3 companies scored C or worse in patch management, exposing servers or other devices with known vulnerabilities to attackers because of out-of-date systems. Of the companies with an overall score of C or worse, 85 percent scored D or F in patch management. Some of the most devastating cyber attacks, including the WannaCry attack in 2017, targeted connected devices running on outdated operating systems that had not been patched. Obsolete systems are easy targets for threat actors. A successful exploitation may result in data loss, reputation damage or financial problems.
  • Cyber Reputation: 28 percent scored C or worse in cyber reputation, exposing their businesses to a loss of profit and reputational harm as a result of the blacklisting of  their company domains or IP addresses (i.e., identified or tagged as bad cyber citizens).

“Small businesses need to have a clear picture of their cyber vulnerabilities. Cyber issues lie both inside and outside their IT networks as companies transition to cloud services and are interconnected with vendors and partners,” said Mohamoud Jibrell, CEO of NormShield. “For small businesses, many of their partners are large businesses that require a robust cybersecurity infrastructure. Continuously monitoring and discovering the holes in your cyber defenses before the hackers do is a key way to adequately identify the most dangerous and costly risks to your organization, reduce the occurrence of attacks, and demonstrate a commitment to cyber hygiene.”

The NormShield Cyber Risk Scorecard is the only risk assessment solution that delivers detailed, accurate data on any company’s security vulnerabilities in 60 seconds or less. For small businesses concerned about their own defenses, NormShield will provide a free scorecard for an organization’s external cyber risk posture as well as the potential risk posed by third-party partners. You can contact NormShield at www.normshield.com.

About NormShield

NormShield enables enterprises to monitor their external cyber risk posture and perform nonintrusive cyber risk assessments of their suppliers, subsidiaries and target acquisitions. Using easy-to-understand scorecards, including our 60-second Rapid Cyber Risk Scorecard, we provide standards-based letter grades on various risk categories, along with data on how to mitigate each risk in priority order.

Media Contact: Adam Benson / Vrge Strategies /[email protected] /
Phone: (202) 999-9104