• About
  • Subscribe
  • Contact
Thursday, May 8, 2025
    Login
  • Management Leadership
    • Growth Strategies
    • Finance
    • Operations
    • Sales and Marketing
    • Careers
  • Technology
    • Infrastructure and Platforms
    • Business Applications and Databases
    • Big Data, Analytics and Intelligence
    • Security
  • Industry Verticals
    • Finance and Insurance
    • Manufacturing
    • Logistics and Transportation
    • Retail and Wholesale
    • Hospitality and Tourism
    • Government and Public Services
    • Utilities
    • Media and Telecommunications
  • Resources
    • Whitepapers
    • PodChats
    • Videos
  • Events
No Result
View All Result
  • Management Leadership
    • Growth Strategies
    • Finance
    • Operations
    • Sales and Marketing
    • Careers
  • Technology
    • Infrastructure and Platforms
    • Business Applications and Databases
    • Big Data, Analytics and Intelligence
    • Security
  • Industry Verticals
    • Finance and Insurance
    • Manufacturing
    • Logistics and Transportation
    • Retail and Wholesale
    • Hospitality and Tourism
    • Government and Public Services
    • Utilities
    • Media and Telecommunications
  • Resources
    • Whitepapers
    • PodChats
    • Videos
  • Events
No Result
View All Result
No Result
View All Result
Home Technology Security

Patch management and password policies can cut cyber risks by 60%

FutureCIO Editors by FutureCIO Editors
September 16, 2021
Photo by Markus Spiske from Pexels: https://www.pexels.com/photo/codes-on-tilt-shift-lens-2004161/

Photo by Markus Spiske from Pexels: https://www.pexels.com/photo/codes-on-tilt-shift-lens-2004161/

Password brute force and vulnerability exploitation are the initial vectors of attack to compromise the organization’s environment by 64% of attackers investigated by the Kaspersky Global Emergency Response team.

Kaspersky’s new Incident Response Analytics Report demonstrate that just implementing an appropriate patch management policy decreases the risk of incidents by 30%, and a robust password policy reduces the likelihood of being attacked by 60%.

While the importance of regular patching and updates, as well as the use of strong passwords, is common knowledge for those who have even a little understanding of cybersecurity, these aspects remain weak points in many organizations and provide a way for adversaries to penetrate a company’s system.

Security issues with passwords and unpatched software combine into most initial access vectors during attacks.  

Analysis of anonymized data from incident response (IR) cases shows that brute force is the most widely used initial vector to penetrate a company’s network. Compared to the previous year, the share of brute force attacks has skyrocketed from 13% to 31.6%, perhaps due to the pandemic and the boom of remote working.

The second most seen attack is vulnerability exploitation with a 31.5% share. The research showed that in only a few incidents, vulnerabilities from 2020 were used. In other cases, adversaries utilized older unpatched vulnerabilities such as CVE-2019-11510, CVE-2018-8453, and CVE-2017-0144.

More than half of all attacks that started with malicious emails, brute force, and external application exploitation were detected in hours (18%) or days (55%). Although, some of these attacks lasted much longer, with an average duration of up to 90.4 days.

The report shows that attacks involving a brute force initial vector are easy to detect in theory, but in practice, only a fraction was identified before causing an impact.

Although brute force attack prevention and the control of timely updates do not seem to be problematic for a professional cybersecurity team, in practice, 100% elimination of these issues is virtually impossible:

Konstantin Sapronov, head of the global emergency response team, opined that even if the IT security department does its best to ensure the safety of the company’s infrastructure, factors such as legacy OS usage, low-end equipment, compatibility issues and human factors often result in security breaches that can jeopardize an organization’s security.

“Protective measures alone can’t provide a holistic cyber defence. Therefore, they should always be combined with detection and response tools that are able to recognize and eliminate an attack at an early stage, as well as address the cause of the incident,” he continued.

Countermeasures

To minimize the chances of penetration to your infrastructure, it is recommended to:

  • Implement a robust password policy, including multifactor authentication (MFA) and identity and access management tools,
  • Ensure that patch management or compensation measures for public-facing applications have zero-tolerance. Regular updates of vulnerability details from software vendors, scanning the network for vulnerabilities and patch installations are crucial for the security of a company’s infrastructure,
  • Maintain a high level of security awareness among employees. Conducting comprehensive and effective third-party training programs for employees is a good way to save the time for IT department and get good results,
  • Implement an Endpoint Detection and Response solution with an MDR service, to detect and react to attacks promptly, among other measures. The use of advanced security services allows businesses to reduce the cost of attacks and prevent undesirable consequences.  
Related:  Deel launches in Singapore to empower organisations to hire and pay global talents remotely
Tags: Incident Response Analytics ReportKaspersky
FutureCIO Editors

FutureCIO Editors

No Result
View All Result

Recent Posts

  • Agentic AI-powered AppSec platform launched for the AI era
  • IDC forecasts GenAI alone will grow at a 59.2% CAGR
  • Dataiku brings new AI capabilities to create and control AI agents
  • Microsoft reveals the rise of a new kind of organisation in the AI era
  • St Luke’s ElderCare enhances data security and user experience with Juniper

Live Poll

Categories

  • Big Data, Analytics & Intelligence
  • Business Applications & Databases
  • Business-IT Alignment
  • Careers
  • Case Studies
  • CISO
  • CISO strategies
  • Cloud, Virtualization, Operating Environments and Middleware
  • Computer, Storage, Networks, Connectivity
  • Corporate Social Responsibility
  • Customer Experience / Engagement
  • Cyber risk management
  • Cyberattacks and data breaches
  • Cybersecurity careers
  • Cybersecurity operations
  • Education
  • Education
  • Finance
  • Finance & Insurance
  • FutureCISO
  • General
  • Governance, Risk and Compliance
  • Government and Public Services
  • Growth Strategies
  • Hospitality & Tourism
  • HR, education and Training
  • Industry Verticals
  • Infrastructure & Platforms
  • Insider threats
  • Latest Stories
  • Logistics & Transportation
  • Management Leadership
  • Manufacturing
  • Media and Telecommunications
  • News Stories
  • Operations
  • Opinion
  • Opinions
  • People
  • Process
  • Remote work
  • Retail & Wholesale
  • Sales & Marketing
  • Security
  • Tactics and Strategies
  • Technology
  • Utilities
  • Videos
  • Vulnerabilities and threats
  • White Papers

Strategic Insights for Chief Information Officers

FutureCIO is about enabling the CIO, his team, the leadership and the enterprise through shared expertise, know-how and experience - through a community of shared interests and goals. It is also about discovering unknown best practices that will help realize new business models.

Quick Links

  • Videos
  • Resources
  • Subscribe
  • Contact

Cxociety Media Brands

  • FutureIoT
  • FutureCFO
  • FutureCIO

Categories

  • Privacy Policy
  • Terms of Use
  • Cookie Policy

Copyright © 2022 Cxociety Pte Ltd | Designed by Pixl

Login to your account below

or

Not a member yet? Register here

Forgotten Password?

Fill the forms bellow to register

All fields are required. Log In

Retrieve your password

Please enter your username or email address to reset your password.

Log In
No Result
View All Result
  • Management Leadership
    • Growth Strategies
    • Finance
    • Operations
    • Sales and Marketing
    • Careers
  • Technology
    • Infrastructure and Platforms
    • Business Applications and Databases
    • Big Data, Analytics and Intelligence
    • Security
  • Industry Verticals
    • Finance and Insurance
    • Manufacturing
    • Logistics and Transportation
    • Retail and Wholesale
    • Hospitality and Tourism
    • Government and Public Services
    • Utilities
    • Media and Telecommunications
  • Resources
    • Whitepapers
    • PodChats
    • Videos
  • Events
Login

Copyright © 2022 Cxociety Pte Ltd | Designed by Pixl

Subscribe