lywand’s recap

Hero Bild für den Artikel lywand’s Rückblick 2021: Die Zahl 2021 ist dargestellt mit dem Cutout Text Effekt.

Hard facts

  • Together with our distribution partner Nuvias, we have convinced 21 IT service providers of the benefits of lywand and gained them as partners.

  • Our partners have renovated the IT infrastructure of 62 companies with lywand.

  • In total, 308 security audits have been performed.

  • The average duration of a security audit was 9.5 hours.

  • We checked companies with very small infrastructures (from one target) up to large organizations (941 targets).

Lywand acquired 21 partners who performed 308 scans in 2021. In sum, the IT security of 62 companies has been renovated. The average scan duration was 9.5 hours, and the largest infrastructure scanned was 941 targets.

Rating of initial scans

According to the American school grading system from A-F

  • Of all the initial scans that were conducted, the average rating is between E and F.

  • A large proportion of companies (around 60 %) received the poor rating of F in the initial security scan.

  • Around 20 % received a rating of C.

  • The second poorest rating, E was obtained by 15% of the companies.

  • None of the companies had either an A or B rating.

 

Average rating of initial scans: 61% of customers have rating F, 15% rating E, 3% rating D, 21% rating C, 0% rating B, 0% rating A.

Rating of sectors

  • The IT sector performed best, with an average rating of C.

  • Followed by the industry and health sectors, which achieved an average rating of D.

  • The transport sector received a ranking of E.

  • Companies from the trade and tourism sectors had the worst ratings, with an average rating of F.

Average rating of the security situation of different sectors: IT has rating C; Industry and Health rating D; Transport has rating E, Retail and Tourism rating F.

Vulnerability overview

  • The lywand scan cluster currently distinguishes 112,244 different vulnerabilities, which it examines during a security audit of the external IT infrastructure.

  • So far, we have been able to discover more than 6,500 vulnerabilities at our customers' infrastructures.

  • Our partners resolved a total of 986 vulnerabilities with 414 recommended measures.

Lywand is able to detect 112000 vulnerabilities. 6500 vulnerabilities were detected at customers. 986 vulnerabilities have already been resolved by partners.

The most serious vulnerabilities

  1. Insecure or hacked passwords

  2. Security vulnerabilities in outdated CMS systems (Wordpress, Joomla)

  3. Insecure file sharing (ownCloud, QNAP)

  4. Outdated web server software (PHP, jQuery, OpenSSL, Apache)

  5. Outdated operating systems (Windows, Linux)

Most serious vulnerabilities 2021: 1. insecure or hacked passwords, 2. security vulnerabilities in outdated CMS systems (Wordpress, Joomla), 3. insecure file sharing (ownCloud, QNAP), 4. outdated web server software (PHP, jQuery, OpenSSL, Apache), 5. outdated operating systems (Windows, Linux)

The most common measures

  1. Improvement of encryption

    We generally recommend using better encryption methods.

  2. Change server configurations

    We recommend small adjustments of server configurations, thereby solving vulnerabilities or making them no longer exploitable.

  3.  Software update

    Outdated software versions were discovered. These should be updated to avoid known vulnerabilities in older versions.

  4. Change of passwords (disclosed/standard)

    Passwords should be changed immediately when they appear in a published data leak. Default passwords should not be used in general, and we recommend the use of a password manager.

  5. Update of operating systems

    Operating systems should be updated; in some cases, operating systems must be completely reinstalled.

Most frequently implemented measures in 2021: 1. improve encryption, 2. change server configuration, 3. update software, 4. change password, 5. update operating system.

Conclusion & outlook

Need for companies to catch up

Based on the results of our clients' first security checks, it is evident that we found security gaps in all cases and that the assessment was generally poor. With the help of our security checks, possible entry points for cyber criminals were discovered in time and, thanks to our partners, many of the security gaps have already been closed. As a result, the risk of (successful) cyberattacks has been significantly reduced

Often the “small” measures that do not incur costs and are easy to implement are the ones that can quickly improve the security level. It is particularly important that security audits take place at regular intervals so that a possible deterioration of the security situation can be detected quickly.

The data from the last six months illustrate that there is still a lot of demand for awareness and room for improvement in the area of IT security – in all sectors. This encourages us to pursue our mission every day. After all, we are working towards a future where security is no privilege, in which even the smallest company can meet the highest cybersecurity standards.

 

Expansion of partner network & launch of internal scan

We have also set ourselves big goals in 2022. We want to steadily expand our partner network in the DACH region and in the EMEA region in order to give as many companies as possible an easy entry to IT security. 

In addition, our security audit platform go.lywand.com will be enlarged with the internal scan. Soon, our partners will be able to conduct an audit of their customers' internal IT infrastructure in addition to the external audit. (More to come in Q2.)

Interested?

Are you pursuing the same mission as we are and would like to offer your customers a better security? In that case, become part of our partner network!

Book demo

Your company also wants affordable, automated security checks for more visibility? Click the button to find a partner who renovates your IT security!

Find a partner

Teresa Leonhartsberger

January 31, 2022

Category

Company

Might be also interesting

Feature

Whitelabeling

Whitelabeling allows you to customize the Security Audit Platform with your own look and feel. To complete the new feature, we have added another "treat": Read-only Access.

March 21, 2024

Guide

Everything about the NIS2 Directive

Find out everything you need to know about the NIS2 Directive in our article: When did it come into force, which organizations does it affect and what are the specific requirements?

March 8, 2024

Feature

Assessment of IT security

In this article, you will find out why we have introduced probability of occurrence as a new factor in vulnerability risk assessment, and how IT security assessment works in our Security Audit Platform.

February 28, 2024