Attackers have no need of zero-days, breach data shows

Cyber attackers do not have to use previously unseen or extremely sophisticated attacks to bypass defences, analysis of publicly reported breaches in the past year reveals

Most successful cyber attacks are possible because organisations are not doing a good job of protecting their systems, according to Dave Lewis, global security advocate at Akamai Technologies.

Too often, he said, attackers are able to take advantage of unpatched software, system configuration failures, compromised passwords and well-known attack methods such as SQL injection.

“Cyber defenders need to do a better job when it comes to basic security hygiene because most breaches are due to the fact that something that should have been part of a definable, repeatable process was not done,” Lewis told Computer Weekly.

Businesses are failing to look at the core issues that led to known data breaches and learn from them to avoid being breached in the same way.

Based on his analysis, Lewis said patching, or keeping software up to date with the latest security improvements, was one of the biggest problems. It is often neglected like many other basic security tasks.

“Security professionals typically want to move on to bigger and better things, so a lot of institutional knowledge goes with them because they are not usually good at documenting what they do,” he said. “Patching can be challenging and tedious, but it is something we simply have to do – much like preventive medicine.”

Common security failings

Failure to keep security patches up to date on Microsoft Windows systems has been identified as one of the key reasons so many organisations around the globe were affected by an indiscriminate and unprecedented ransomware attack that started on 12 May 2017.

Although relatively simple, the first variant of the WannaCry ransomware was able to infect thousands of machines running on the Microsoft Windows operating system, even though Microsoft had issued a software patch to fix the vulnerability exploited by the malware two months before the attacks.

Failure to manage system configurations was the second biggest common failing revealed by Lewis’s analysis of real-world data breaches.
