Recently, industry-leading security penetration testers put together the most reliable methods for hackers to compromise a network. How do you protect your business from hackers' top 5 attacks?
Security penetration testers successfully compromised many organizations using the same kinds of attacks and, surprisingly, zero-days and malware attacks were not in the top 5.
What were the top 5 successful attacks?
- 66% of attacks were successful due to abuse of weak domain user passwords
- 64% of attacks were successful due to broadcast name resolution poisoning like WPAD
- 61% of attacks were successful due to local admin password attacks
- 59% of attacks were successful due to attacks on clear text passwords in memory
- 52% of attacks were successful due to insufficient network segmentation
How Do You Protect Your Business from Hackers' Top 5 Attacks?
It is important to understand that protection from these threats does not have to be complex and expensive.
It is important to consult with your management team as well as your IT technical services team. There are some very simple and basic practices and tools on the market that would improve the security of your organization and its data.
From the list above, attacks number 3 and 4 are extremely simple to clean up if you deploy Microsoft's LAPS tool on workstations and servers. This will go a long way toward protecting against pass-the-hash attacks, as well as giving you some central control of your network.
Clear text passwords in memory can be cleaned with a basic registry change. This can be covered by regular Microsoft Windows updates or the installation of Microsoft Security Advisory 2871997 as well as regular monitoring for any unauthorized registry changes.
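The registry check described above, as an added example that is not part of the original article. It assumes the setting in question is the WDigest UseLogonCredential value, which the article does not name; the function name Get-WDigestState is hypothetical.

```powershell
# Added example: audit (and optionally fix) WDigest cleartext credential caching.
# Assumption: the "basic registry change" is UseLogonCredential under the WDigest key.
function Get-WDigestState {
    [CmdletBinding()]
    param(
        [string]$Path = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\WDigest',
        [switch]$Remediate   # writes UseLogonCredential = 0; needs an elevated session
    )
    $name = 'UseLogonCredential'

    # Windows 8.1 / Server 2012 R2 (version 6.3) and later treat a missing value as "off".
    # Older systems with the advisory's update installed keep caching unless the value is 0.
    $osVersion       = [Environment]::OSVersion.Version
    $safeWhenMissing = $osVersion -ge [Version]'6.3'

    if ($Remediate) {
        if (-not (Test-Path -Path $Path)) { New-Item -Path $Path -Force | Out-Null }
        New-ItemProperty -Path $Path -Name $name -Value 0 -PropertyType DWord -Force | Out-Null
    }

    # Read the value back; a missing key or value yields $null rather than an error.
    $prop  = Get-ItemProperty -Path $Path -Name $name -ErrorAction SilentlyContinue
    $value = if ($prop) { $prop.$name } else { $null }

    if ($null -eq $value) {
        $caching = -not $safeWhenMissing
        $detail  = 'value not set; OS default applies'
    } elseif ($value -eq 0) {
        $caching = $false
        $detail  = 'explicitly disabled'
    } else {
        # Assumption: any non-zero value is treated as enabled (1 is the documented "on").
        $caching = $true
        $detail  = "explicitly enabled (value $value)"
    }

    [pscustomobject]@{
        Computer           = $env:COMPUTERNAME
        OSVersion          = $osVersion.ToString()
        UseLogonCredential = $value
        CleartextCaching   = $caching
        Detail             = $detail
    }
}

# Audit only; run on a schedule and alert whenever CleartextCaching is True.
Get-WDigestState
```

A host that reports "explicitly enabled" after it was previously set to 0 is the kind of unauthorized registry change the monitoring should flag.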
Finally, you can also easily address numbers 1 and 2, as they are easy fixes, though you may need to change your IT policies. Number 5, insufficient network segmentation, should be last, as it will take the most time to fix.
Some of the terms listed above may be a bit technical. Most business management professionals will not know what they mean; however, they should be addressed with your IT department, IT consultant or managed IT services provider to ensure your business is protected.
Let our complimentary network and security assessment put your company's security to the test.