"It is a well-known fact that today's hackers do not need to hack to infiltrate IT environments. Instead, deception is the cyber attacker's trump card. Research shows once again that organizations' cyber hygiene is substandard and is the leading cause of attacks. It leads to unnecessary compromises that are also difficult to identify afterwards. Hunt & Hackett analyzed 54,400 incidents to reach this conclusion."
"Of all the incident response cases handled by Hunt & Hackett, 71 percent were financially motivated. Ransomware was the most common, at 43 percent, followed by email fraud at 29 percent. CEO Jurjen Harskamp is concerned about the situation. "Our trend report shows that organizations are already struggling to ward off relatively simple, well-known attack techniques, while threats are rapidly increasing. Without a serious catch-up in resilience, there is a good chance that we will see more incidents in the coming years, not fewer.""
"Attackers mainly exploit weaknesses in identity security. Stolen login details, unpatched vulnerabilities in internet-facing systems, and long-overdue IT maintenance are the main points of attack. Access was often gained via vulnerable remote services, edge devices, or the use of stolen credentials. In most cases, the techniques used were already well known, extensively documented, and detectable with the right controls. However, in complex IT environments, it is difficult for organizations to implement these controls structurally."
Hunt & Hackett analyzed 54,400 incidents and found pervasive poor cyber hygiene that makes long-term compromise inevitable. Overdue IT maintenance, weak identity security, and incomplete logging are the primary structural weaknesses. Seventy-one percent of incidents were financially motivated; ransomware accounted for 43 percent and email fraud for 29 percent. Attackers frequently exploited stolen credentials, unpatched internet-facing systems, vulnerable remote services, and edge devices to gain access. Many techniques were well known and detectable with appropriate controls, but complex environments make consistent, large-scale control implementation difficult. Without substantial improvements in resilience, organizations face a higher risk of future incidents.
Read at Techzine Global
Unable to calculate read time
Collection
[
|
...
]