Title | Patchable and Preventable Security Issues Lead Causes of Q1 Attacks
Date | Friday July 01 2022, @08:48AM
Author | janrinok
from the patchable-and-preventable dept.
Patchable and Preventable Security Issues Lead Causes of Q1 Attacks:
Attacks against U.S. companies spike in Q1 2022, with patchable and preventable external vulnerabilities responsible for the bulk of attacks.
Eighty-two percent of attacks on organizations in Q1 2022 were caused by the external exposure of known vulnerabilities in the victim's external-facing perimeter or attack surface. Those unpatched bugs overshadowed breach-related financial losses tied to human error, which accounted for 18 percent.
The numbers come from Tetra Defense and its quarterly report that sheds light on a notable uptick in cyberattacks against United States organizations between January and March 2022.
The report did not let employee security hygiene, or a lack thereof, off the hook. Tetra revealed that a lack of multi-factor authentication (MFA) mechanisms adopted by firms and compromised credentials are still major factors in attacks against organizations.
The study looks at the Root Point of Compromise (RPOC) in attacks. The RPOC is the initial entry point through which a threat actor infiltrates a victim organization, and it is categorized as external exposure to a known vulnerability, a malicious action performed by the user, or a system misconfiguration.
"Incidents caused by unpatched systems cost organizations 54 percent more than those caused by employee error," according to the report.
[...] According to Tetra Defense, widespread awareness of the Log4Shell vulnerability minimized its active exploitation, and it was only the third most exploited external exposure, accounting for 22 percent of total incident response cases. The Microsoft Exchange vulnerability ProxyShell outpaced Log4Shell and led the way, accounting for 33 percent of cases.
Tetra Defense revealed that nearly 18 percent of the events were caused by an unintentional action performed by an individual employee in the organization.
[...] "Advocating for better patching practices has almost become a cliché at this point as it's common knowledge that it plays a major role in reducing cyber risk," Tetra Defense noted.
"To best prevent exploitation of external vulnerabilities, organizations need to understand their attack surface and prioritize patching based on risk, all while ensuring they have the defenses in place to protect their systems knowing that that will have obstacles that will prevent them from immediately patching vulnerable systems," Tetra Defense added.
printed from SoylentNews, Patchable and Preventable Security Issues Lead Causes of Q1 Attacks on 2024-04-17 20:25:56