The saying in real estate “Location, Location, Location!” applies to a whole number of factors. And in today’s digital ecosystem it also includes internet speeds. But a new report from Cornet specifically looks at cybersecurity in cities across the U.S.
Least Cyber Secure Cities in America 2019
According to this year’s Coronet “Cybersecurity in the City: Where Small Businesses Are Most Vulnerable to Attack” report, Las Vegas has the honor (or dishonor depending on how you look at it) for taking the top spot among the least cyber secure cities in America – a spot it’s now held two years running .
For small businesses operating in the cities which have been identified as the least secure, it is yet another reason to improve your cybersecurity posture. These types of reports provide great insight into issues you might not be considering. And this is exactly what Guy Moskowitz, founder & CEO, Coronet , points out in the press release for the report.
Moskowitz goes on to say, “The intent of this report is to demonstrate that each city possesses unique attributes which make them more or less vulnerable in terms of cyber risks.” And if you can identify these attributes, you can better defend your business from cyberattacks.
In pointing out some of the reasons Moskowitz adds, “It’s not surprising that business destinations like Las Vegas and New York are relatively more vulnerable given the density and attractiveness to attackers. Increasingly, small and midsized businesses are being targeted by criminals who see them as easier strike targets.”
To that end, Coronet is encouraging small businesses to be more proactive in improving their cybersecurity  posture.
The Data for the Report
Coronet conducted a thorough analysis of a massive set of data for this report. This includes one million endpoints spanning all operating systems; 24 million networks (public and private); 320,000 SaaS accounts (Dropbox, Box, Slack and Salesforce); 270,000 Gmail and Office 365 email accounts.
All of this data was collected and analyzed in the past 12 months from more than 93 million security events. These events were mitigated by Coronet, and they each represented vulnerabilities bad actors could exploit to gain access.
They include malicious Wi-Fi and cellular networks and misconfigured or vulnerable endpoints along with bot attacks, phishing, malware and ransomware in cloud services as well as in emails.
Coronet then standardized a threat index score based on seven distinct device vulnerabilities and connectivity infrastructure scoring. The risk range is 0-10, with 10 being the biggest risk.
With a risk score of 10, Las Vegas has the unenviable number one position again for two years in a row. Not only that, but the report says Las Vegas exceeds the national average in every network and device vulnerability category.
Large number of public Wi-Fis people use in hotels and restaurants across Las Vegas is primarily responsible for this.
Houston takes the number two spot and the city is in this position because of the oil & gas and energy industries. According to Coronet, these industries are dealing with legacy, vulnerability-prone networks and industrial control systems.
The third-place goes to New York City, another location with a large number of hotels, restaurants and public venues. This means more public Wi-Fis and more risk.
The top three least vulnerable cities are Salt Lake City, St. Louis, and Seattle-Tacoma.
Take a look at the infographic from Coronet for the top cities and read the full report here .
Coronet’s Recommendations for Reducing Small Business Risk
If there is one thing you must do to protect your small business is remain vigilant and don’t get complacent. Because with any lull, hackers will exploit and breach your system.
With that said, Coronet says start by conducting a risk assessment so you can identify and address any vulnerabilities. This is for both your hardware and software. And the assessment should include an inventory of all devices and connections. Furthermore, evaluate your apps, software, how you use the technology, and the processes that are in place.
The goal of the assessment is to uncover gaps in security or vulnerabilities you might not be aware of.
After the assessment, you can start implementing solutions to address any of the deficiencies you have identified. Beyond that, you should implement security awareness training, investment in technology, and create an incident response plan.
If you don’t have the expertise find someone who is qualified to put these measures in. And once you implement them, have strong governance in place to make everyone accountable. Again, it is worth mentioning weak governance will make everyone complacent. And that is a state you don’t want your company to be in, in a perilous digital threat landscape.