Cybersecurity Posture by Country: U.S. Not the BestCybersecurity Posture by Country: U.S. Not the Best
Your enterprise may have excellent security, but that doesn't mean that everyone you work with also has excellent security.
February 14, 2019
Comparitech recently published a study on 60 countries covering which have the best and worst state of cybersecurity. It discovered huge variances across a number of categories, from malware rates to cybersecurity-related legislation. No single country was found to be best across all categories, but overall, the U.S. was ranked fifth most secure, behind Japan, France, Canada and Denmark.
Attack Sources
Cybersecurity robustness is the ability of organizations and processes to continue operating by repelling and preventing the majority of attacks. Most attacks come from those who hack for profit or hack to make political statements.
There are many sources of attackers, and some of those sources don’t even know they are attackers. An organization will have customers, hardware and software product vendors, service providers, VARs, MSPs, auditors, cloud services, software developers, contact centers, and consultants; in other words, there are lots of points of entry.
Attacks can be due to negligence, mistakes, or misuse of resources. Even if you’re happy with all the organizations your enterprise works with, do you know if any of them are using third-party personnel or third-party services to support you? The unknown third party may be an attack source, too. The real question is, who do you give access to, when, and why?
Attackers Know No Bounds
Although a country may be ranked strongly in cybersecurity, it does not mean that there are few or no attackers resident in that country. Many of the attacks on U.S. entities come from foreign countries. In other words, country borders mean nothing to attackers.
Ranking Criteria
Comparitech’s report divided the analysis into seven categories:
The percentage of mobile devices infected with software designed to obtain unauthorized access to, destroy, or disrupt a mobile device’s system
The percentage of computers infected with software designed to obtain unauthorized access to, destroy, or disrupt a computer’s system
The number of financial malware attacks and programs created to steal a user’s money from a bank account on their computer system
The percentage of telnet attacks (by originating country), which is the technique used by cybercriminals to get people to download a variety of malware types
The percentage of attacks by cryptominers who take over a user’s computer and use its resources to mine currency without the user’s permission
The best-prepared countries to ward off cyber attacks
The countries with the most up-to-date legislation including draft regulations
These seven categories were used to develop the map below. If you access the Comparitech report, you can interact with the map covering the 60 countries.
The results for the least safe country in these seven categories are:
Mobile malware infections – Bangladesh – 35.91% of users
Financial malware attacks – Germany – 3% of users
Computer malware infections – Algeria – 32.41%
Telnet attacks (by originating country) – China – 27.15%
Attacks by crypto miners – Uzbekistan – 14.23% of users
Preparedness for cyber attacks -- Vietnam
Worst legislation for cybersecurity – Algeria
Do you have business or customer relationships with any of these least safe countries?
Best Prepared for Cyber Attacks
As I mentioned, one of the areas studied dealt with how well a country is prepared for cyberattacks. The countries were ranked from 0.000 to 1.000 with 1.000 as the highest rating -- i.e. best prepared. As follows, the countries that are best prepared for cyberattacks are:
Singapore -- .925
United States -- .919
Malaysia -- .893
Australia -- .824
France -- .819
Canada -- .818
The worst score in this category was earned by Vietnam with a score of .245. An attacker can create a back door in a country that has poor security protection that does business with your organization, using that access to attack a better protected country and behave like a legitimate organization.
Take a Look at Israel
One of the countries not covered by the report is Israel. I think Israel would have fared well on the list of best countries for cyber security. That’s because Israel has created a framework for cyber security and published the “Israel National Cyber Security Strategy in Brief.” Israel also has a robust network of startup and existing security companies creating products and services for internal as well as international adoption. Read the brief; it will help you think about cybersecurity and how to achieve it.
Thoughts
You may evaluate your employees’ security and maybe your contactors. That is necessary, but not sufficient on its own.
Did you run security checks on those entities and their employees who have access to your network and applications?
Do any of those with access employ third-party personnel or services?
Have you studied the agreements with those outside your organization to determine the liabilities they accept or do not cover?
How often do you re-evaluate your security relationships with other organizations?
If there is turnover with the outside organization’s staff, how do they ensure that no security problems are created by the departure?
You may have excellent security. That does not mean that everyone you work with also has excellent security.
