Cybercriminals can break almost any corporate infrastructure 93% of the time and trigger 71% of dangerous outcomes deemed ‘unacceptable’ for businesses, according to a report by Positive Technologies.
Based on data obtained during information security assessments for clients from the second half of 2020 through the first half of 2021, the report reveals an external attacker can breach the organization’s network perimeter and gain access to local network resources within an average of two days.
The study was conducted among financial, fuel and energy organizations, government, industrial, IT companies, and other sectors. Researchers were able to penetrate corporate networks mostly through exploitation of known vulnerabilities in software (60% of projects) and in the code of web applications (43%).
Researchers determined credential compromise is the main way criminals can penetrate a corporate network (71% of companies), primarily because simple passwords are used, including for system administration accounts.
Once attackers have credentials with domain administrator privileges, they can obtain many other credentials for lateral movement across the corporate network and access to key computers and servers. Administration, virtualization, protection, or monitoring tools often help an intruder gain access to isolated network segments.
Most organizations have no segmentation of the network by business processes, and this allows attackers to develop several attack vectors simultaneously, and trigger several of a company’s unacceptable events, according to the report.
What IT Pros Can Do
“In order to build an effective protection system, it is necessary to understand what unacceptable events are relevant for a particular company. Going down the path of the business process from unacceptable events to target and key systems, it is possible to track their relationships and determine the sequence of protection measures in use,” says Ekaterina Kilyusheva, head of research and analytics at Positive Technologies.
“To make it more difficult for an attacker to advance inside the corporate network toward the target systems, there are a number of interchangeable and complementary measures organizations can take, including separation of business processes, configuration of security control, enhanced monitoring, and lengthening of the attack chain. The choice of which technology solutions to use should be based on the company’s capabilities and infrastructure,” she says.