The global leader in enterprise security has announced new data. This has come out after the company did instrumental scanning of the network perimeter of up to 3,514 corporate information systems. The company declared that data disclosed that most of these companies suffer from high-risk vulnerabilities. This scan included network service devices, workstations as well as servers.
But one more thing that came up was the fact that more than half of these vulnerabilities can easily be fixed by updating software.
Vulnerabilities by the statistics
To understand the risk organizations are at, look for the following statistics.
- 84% of organizations have high-risk vulnerabilities. These organizations belong to the manufacturing, retail, government, IT, finance, advertising & telecom sectors.
- 58% of the companies with a high-risk vulnerability have shown the presence of a publicly available exploit.
- 10% of the scanned organizations have vulnerabilities with publicly available exploits. This makes it easier for even novice attackers to exploit them.
Causes of these high-risk vulnerabilities
One major cause of these vulnerabilities was found because of outdated software. Besides this, other causes include:
- Outdated protocols
- Outdated algorithms
- Errors in web application code
- Accounts with default passwords and
- Configuration flaws
Vulnerabilities as old as 16 years found!
Most of the vulnerabilities found in the report could be easily mitigated. By patching up software, protocols as well as algorithms, organizations could fix them. Besides this, many organizations were found to be used beyond their end of life date. In fact, the oldest one amongst these was 16 years old.
In the scanning, certain interfaces also came to light. These interfaces were used quite frequently to launch attacks on the system. These interfaces included Network Virtual Terminal Protocol (Internet), TELNET, Secure Shell (SSH) and Remote Desktop Protocol (RDP). Once the attackers gained access, it gave them the freedom to launch brute force attacks. Most organizations had network perimeters for their corporate information systems that were highly vulnerable to external attacks.
The solutions are simple!
47% of all the detected vulnerabilities by Positive Technologies could be fixed by simply installing the latest version of the software. Almost all the companies under scanning showed problems in maintaining updated versions of the software. In fact, for 42% of these, the case was worse. They were continually using software that had reached an end of life & had no more released updates. Positive Technologies suggested these organizations to update their software in order to mitigate risks due to the detected vulnerabilities.
Minimizing the number of services
Another suggestive remedy was to minimize the number of services on the network perimeter. Besides this, the organization would have to ensure that the accessible interfaces are available from the internet. But here, the organizations must ensure that these interfaces are securely configured. Also, timely patching of vulnerabilities is a must in this case.
The organisation has stressed on the importance of automation, calling automated security the initial step for achieving an acceptable level of security. Modern tools allow organizations to automate a number of tasks, like resource inventories & vulnerability searches with security analysis tools. You can also try to assess your complete infrastructure’s security policy compliance. Though for best results, it is suggested that organizations prefer penetration testing along with automated scanning.
In the age of cybersecurity, where one sees the exploitation of vulnerabilities every day, organizations need to take ample steps to ensure their data safety. Only by fixing these vulnerabilities in time, can they mitigate the risk of exploitation. On the other hand, is it truly safe for users to trust organizations with their data when they palpably do not do enough to secure it?