Organizations undergo cyber-attacks via vulnerable web apps
Kaspersky’s report found that the web applications of government bodies were the most insecure, with high-risk vulnerabilities found in every application. By contrast, e-commerce applications are better protected from possible external interference.
“Our research has shown that vulnerable web applications can provide gateways into corporate networks. There are many security measures that can be implemented to guard against this nature of attack – half of these breaches could have been prevented by restricting access to management interfaces. We encourage IT security specialists to identify the vulnerabilities their organisations have and focus on strengthening them,” said David Emm, principal security researcher at Kaspersky Lab.
The results of the 2017 research revealed that the level of protection against external cyber-attacks was low or extremely low, for 43% of analysed companies. Based on the results of the survey, it is clear the issue of security should be a top business consideration for the boardroom, and a top technology consideration for CTOs and CISOs.
In 29% of external penetration test projects, Kaspersky Lab experts successfully gained the highest privileges in the entire IT infrastructure, including administrative-level access to the most important business systems, servers, network equipment and employee workstations.
The information security situation in companies’ internal networks was even worse, according to the report. The level of protection against internal attackers was identified as low or extremely low for 93% of all analysed companies.
The highest privileges in the internal network were obtained in 86% of the analysed companies; and for 42% of them it took only two attack steps to achieve this. Breaching the highest privileges allows the attackers to take complete control over the whole network, including business critical systems.
The impact of the WannaCry ransomware attack on the NHS, and other organisations across the world, was caused – in part – by obsolete software. Even when software patches are released, companies are slow to update their current systems.
In the report, this obsolete software was identified on the network perimeter of 86% of the analysed companies, and in the internal networks of 80% of companies. This suggests a poor implementation of basic IT security processes, which leaves the enterprise as an easy target for attackers.
Müəllif
Metbuat.az
Qaynar xətt
0552252950
Həmçinin oxu
Süni intellekt üçün internet “Bakcell”dən
en.ictnews.az
DİGƏR XƏBƏRLƏR
Daha çox »Top xəbərlər
Layihələr
Son xəbərlər
Bu 4 bürc üçün şanslı dövr başlayır
Bu gün
·
19:42
Hikmət Hacıyev Aİ ilə əməkdaşlıqdan danışdı
Bu gün
·
19:27
Türkiyə nəhəngi dünya çempionatının ulduzunu transfer edir
Bu gün
·
19:05
Nazir ona vəzifə verdi
Bu gün
·
18:18
Milli Məclisin növbədənkənar sessiyasının son iclası keçiriləcək - YENİLƏNİB
Bu gün
·
17:28
Hərbçimiz vəfat etdi
Bu gün
·
17:08
Hasil Abbasov üç nəfərə yüksək vəzifə verdi
Bu gün
·
17:06
Şimşək çaxacaq, dolu düşəcək - XƏBƏRDARLIQ
Bu gün
·
17:04
Əli Əsədov Rusiyanın səhiyyə naziri ilə görüşdü
Bu gün
·
16:47
Rafael Ağayevə ağır itki üz verdi
Bu gün
·
16:35
Paytaxtda maşından meyit tapıldı
Bu gün
·
16:25
Azərbaycanda bank kartları ilə bağlı mühüm açıqlama
Bu gün
·
16:08
“Azərsun Holdinq” şəkər çuğunduru emalı həcmini 800 min tona qaldıracaq
Bu gün
·
15:54
Moda dizayneri Kamilla Məmmədzadə "Yes Couture"brendi ilə birlikdə Azərbaycan xalçalarından ilhamlanan kolleksiyasını təqdim etdi – FOTO
Bu gün
·
15:50
Salahın meneceri Türkiyədə: Bu kluba keçir
Bu gün
·
15:33