Historically, IT and cybersecurity have mainly been focused on securing IT components, such as data, processes, IT services, servers, networks, etc. However, if the employee is the weakest link in the IT and cybersecurity chain, organisations must emphasizes the importance of identity, access management, passwords and patches.
In a recent penetration testing against organisations in a wide variety of sectors, hackers and cybersecurity researchers could within a few minutes, gain access to the internal networks of corporations by simply exploiting two security failings.
The survey is based on anonymised data from organisations that tested their networks tested, with 71% of companies, with at least one evident and malicious weakness for hacker network entry.
Discipline and follow the basic information security rules
One of the most common security vulnerabilities is weak passwords, that allow hackers to gain access to accounts by using brute-force attacks. Cracking the password on one account usually is not enough to gain full access to an internal network. Still, in many cases, depending on the scripts of a lazy programmer, it just takes seconds to identify and exploit the vulnerabilities to gain access to systems.
Even for large organisations, the issue is already in the low levels of data protection with attack routes that are based on exploiting known security flaws.
Web application with a known vulnerability
The second most common issues are that over two-thirds of organisations used vulnerable versions of software without the required security updates, leaving it open to being exploited.
The increased work from home in 2020, hackers use a brute-force attack to access a remote desktop application as a standard approach and alarming areas during the penetration exercises:
- The user did not have access to multiple applications, by opening a mapping application. The security testers was just able to gain access to the Windows Explorer processes and command lines, which allowed to execute commands on the operating system and gain even more access.
- Gained access to the internals of the corporate network by combining the brute-forcing and software vulnerabilities. Here cyber attacks are protected against by ensuring the use of strong passwords and all applications have security patches to avoid further abuses in the attacks.
These are some examples where hackers quickly access networks as part of security testing. Still, cybercriminals are looking to exploit these vulnerabilities – and could use them to gain access to vast rows and tracks of corporate networks.
For more information register here: https://www.e-compliance.academy/it-and-cyber-security-certification-masterclass-foundation/