Cyber criminals still make extensive use of known vulnerabilities, even as zero-day attacks continue to rise.
In joint research carried out by Kaspersky Lab. and Outpost24, unpatched loopholes continue to be a popular means of carrying attacks.
Kaspersky Lab global research and analysis team senior security researcher, David Jacoby, said that this is situation is leading cyber criminals to hack the people that manage the system instead of the corporate system itself.
“The results are a wake-up call for those searching for tailored security solutions that cover the ‘threats of tomorrow,’” he said.
“It highlighted that training your staff to be prudent is just as important.”
Despite companies paying for a dedicated service to look after their security, the research found some corporate systems remained unpatched and vulnerable for a decade.
Even so, Jacoby said that hotels and privately owned companies have so far “shown a greater awareness and security” than government organisations.
A global issue
Outpost24 chief security officer, Martin Jartelius, said the joint research highlights how unsophisticated attacks on corporate networks can have an effect without resorting to expensive zero-day exploits.
“Whether it’s exploiting poor security practices, misconfigured security devices or staff that lack security training, companies should understand that it is possible to gain control of most parts of the organisation, even though no new attacks or methods are used,” he said.
Jartelius adds that the time from when a vulnerability is detected to when it is patched is “almost uniform in every country,” indicating that this is a global trend.
“It is therefore essential to shift the approach to security from stand-alone tools to integrated solutions as part of business processes,” he said.
Patrick Budmar covers consumer and enterprise technology breaking news for IDG Communications. Follow Patrick on Twitter at @patrick_budmar.
Join the CIO New Zealand group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.