Patch management, strong passwords cut risk by up to 60%

Implementing a good patch management policy lowers the risk of being breached by 30%, and a robust password policy, by 60%.

This is according to Kaspersky, who found that in six out of 10 cyber attacks investigated by its Global Emergency Response team, bad actors used password brute force and vulnerability exploitation as initial vectors of compromise.

These were some of the findings of the company’s latest Incident Response Analytics Report.

Although it's common knowledge that regular patching and updates, and using strong passwords are critical to keeping organisations secure, they remain weak areas for many businesses and give attackers a foot in the door.

As a result, security issues with passwords and unpatched software together account for the overwhelming majority of initial access vectors during attacks, says Kaspersky.

Analysis of anonymised data from incident response cases reveals that brute force is the most commonly used initial vector to penetrate a corporate network.

Compared to the year before, the share of brute force attacks has soared from 13% to 31.6%, possibly due to the pandemic and the mass exodus of workforces to working from home.

The second most commonly seen attack is vulnerability exploitation, with a 31.5% share. Interestingly, the research highlighted that vulnerabilities from 2020 were used in only a handful of incidents. In other cases, bad actors employed older unpatched vulnerabilities such as CVE-2019-11510, CVE-2018-8453, and CVE-2017-0144.

More than half of all attacks that began with malicious e-mails, brute force, and external application exploitation were detected in hours or days. However, some of these attacks lasted much longer, with an average duration of up to 90.4 days. The report highlighted how attacks involving brute force as an initial vector are easy to detect in theory, but in practice only a fraction were identified before causing an impact.

Although brute force attack prevention and the control of timely updates do not seem to be problematic for a professional cyber security team, in practice, 100% elimination of these issues is virtually impossible, the company adds.

Konstantin Sapronov, head of the Global Emergency Response Team at Kaspersky, says that even if the IT security department does its utmost to ensure safety of the organisation’s infrastructure, factors including legacy OS usage, low-end equipment, compatibility issues and human error often result in security breaches that can endanger the company’s security.

“Protective measures alone can’t provide holistic cyber defence. Therefore, they should always be combined with detection and response tools that are able to recognise and eliminate an attack at an early stage, as well as address the cause of the incident,” he adds.

To lower the chances of penetration of your infrastructure, Kaspersky recommends implementing a robust password policy, including multi-factor authentication and identity and access management tools.

It also advises ensuring that patch management or compensation measures for public-facing applications have zero tolerance. Regular updates of vulnerability details from software vendors, scanning the network for vulnerabilities and patch installations are crucial for the security of a company’s infrastructure.

Next, Kaspersky says to maintain a high level of security awareness among employees, by conducting comprehensive and effective third-party training.

Finally, the company advises implementing an endpoint detection and response solution with a managed detection and response service to detect and react to attacks promptly, among other measures. The use of advanced security services allows businesses to reduce the cost of attacks and prevent undesirable consequences.
