A recent investigation by cybersecurity company F-Secure has revealed that corporate network cybersecurity defenses are anything but secure. The company recently assessed the cybersecurity protections in place at a large number of companies and discovered thousands of security vulnerabilities that could all too easily be exploited by hackers.
Holes in Corporate Network Cybersecurity Defenses Could be Easily Plugged
The company discovered almost 85,000 vulnerabilities in corporate network cybersecurity defenses. 7% of the 100 most common flaws were severe according to National Vulnerability Database standards, and half of those vulnerabilities could be exploited remotely by hackers. In the majority of cases, patches were available to address the vulnerabilities, yet they had not been installed.
Numerous system misconfigurations that could potentially be exploited by attackers were also discovered. Simple administrative changes could address many of the vulnerabilities discovered by the researchers.
The top ten vulnerabilities discovered by F-Secure had a severity rating of low to moderate. While these vulnerabilities may not allow hackers to gain access to corporate networks, they indicate that the organizations in question do not have strong cybersecurity defenses. If these vulnerabilities were to be discovered by hackers, it could result in the company being probed and tested. In some cases, closer inspection would reveal exploitable weaknesses.
Previous research conducted by the United States Computer Emergency Readiness Team (US-CERT) suggests that in 85% of cases, targeted cyberattacks can be prevented by applying patches. However, F-Secure’s research indicates that patch management practices are substandard in many organizations. Even when patches are applied, all too often they are not applied to all systems and vulnerabilities are allowed to remain.
If patches are not applied to all systems and vulnerabilities are allowed to persist, it is only a matter of time before corporate network cybersecurity defenses are breached.
Internet Threats Now Reaching Critical Levels
An Internet security threat report issued by Symantec earlier this month shows that the threat to corporate networks is greater than ever before. Web-borne threats have increased substantially, while three quarters of websites were determined to contain vulnerabilities that could potentially be exploited by hackers.
Furthermore, the number of zero-day vulnerabilities doubled in 2015. As soon as a vulnerability is uncovered, it is rapidly incorporated into exploit kits. Those exploit kits probe for these vulnerabilities and use them to download malware and ransomware.
The threat report also confirmed that ransomware attacks increased by 35% in 2015, while spear phishing attacks increased by 55%. Attacks on large organizations are to be expected, but the report showed that even small businesses are being attacked with increasing regularity.
Unless organizations make it harder for hackers to break through their defenses, the rise in successful cyberattacks is likely to continue.
Have you recently performed a complete risk assessment to check for security vulnerabilities?
Are you certain that all security holes in your company’s defenses have been plugged?