In recent penetration tests against organisations in a wide variety of sectors, hackers and cybersecurity researchers could, within a few minutes, gain access to the internal networks of corporations by simply exploiting two security failings.
The survey is based on anonymised data from organisations that had their networks tested, with 71% of companies having at least one evident weakness that a malicious hacker could use to enter the network.
Be disciplined and follow the basic information security rules
One of the most common security vulnerabilities is weak passwords, which allow hackers to gain access to accounts by using brute-force attacks. Cracking the password on one account is usually not enough to gain full access to an internal network. Still, in many cases, depending on the scripts of a lazy programmer, it takes just seconds to identify and exploit the vulnerabilities to gain access to systems.
Even for large organisations, the issue lies in low levels of data protection, with attack routes that are based on exploiting known security flaws.
Web application with a known vulnerability
The second most common issue is that over two-thirds of organisations used vulnerable versions of software without the required security updates, leaving them open to being exploited.
With the increase in working from home in 2020, brute-force attacks to access remote desktop applications are a standard approach for hackers and were among the alarming areas during the penetration exercises:
These are some examples where hackers quickly accessed networks as part of security testing. Still, cybercriminals are looking to exploit these vulnerabilities – and could use them to gain access to vast swathes of corporate networks.
For more information register here: https://www.e-compliance.academy/it-and-cyber-security-certification-masterclass-foundation/