Many breaches stem from the same root causes. What are the most common security problems leaving companies vulnerable?
Failure to check code before it’s deployed
Certain risks will stay strong unless businesses change their behavior, says Kelley. Injections, which she explains is a popular vector of attack, have been a known vulnerability type for fifteen years. They will continue to pose a threat to businesses in 2017.
With injections, the problem isn’t coding, she explains, but a lack of understanding among developers on how to validate input. They need to understand what the vulnerabilities are, code robust software, and test it before deployment.
By testing code, businesses can remove vulnerabilities before deploying apps and software, says Kelley. IT and security pros can help developers by providing education and giving them tools to establish apps before they’re launched.
(Image: ESB Professional via Shutterstock)
Leaving source code exposed
Amit Klein, vice president of security research at SafeBreach, cites source code exposure as a popular and dangerous vector of attack. He notes the Yahoo breach is an example of what can happen when source code is left unprotected.
Yahoo used a weak algorithm to generate session cookies, he explains, which enabled hackers to predict the value of cookies Yahoo assigned to their clients. By creating their own cookies, they could bypass password protection and pose as legitimate users. This enabled them to perform actions and gain information on behalf of other people.
Source code should be protected, says Klein. If exposed, it becomes “instrumental” in mounting an attack because hackers can find and exploit weaknesses.
(Image: Mclek via Shutterstock)
Failure to change default passwords
Neglecting to change default passwords and login information is an underlying issue in massive DDoS attacks, says Kelley. Many attacks, like the one caused by Mirai malware in 2016, take advantage of users employing default usernames and passwords.
The risk will grow as more devices connected to the Internet of Things enter our homes and businesses.
For enterprise users, this idea applies to wifi access points, routers, and all vectors where hackers can exploit vulnerabilities. If a business has the same password on multiple devices, access to one means access to all. To maximize protection, they must employ complex passwords.
“We need to get better at not just changing passwords,” she says. “You need to make sure you’re using passwords that are strong and unique.”
(Image: Robert Lucian Crusitu via Shutterstock)
Poor Patching Practices
The lack of a proper patching strategy within an organization can leave it wide open to attack, Kelley notes.
If an enterprise fails to apply patches issued by its software vendors, the enterprise is at risk because a known flaw can then be exploited by an attacker and result in a data breach, she says.
(Image: Lightspring via Shutterstock)
Human error in social engineering, phishing
Phishing has been, and continues to be, a huge issue for businesses in terms of opening themselves to breach exposure, says Kelley. The risk of ransomware, which is often attached to phishing emails, has skyrocketed.
Companies need to learn how to respond to the rise in social engineering and phishing attacks. They can do this by educating users who interact with the systems and teaching them to recognize suspicious content and use strong passwords to protect their accounts.
(Image: Ollyy via Shutterstock)
Poor exfiltration control
A common problem among last year’s breaches was poor control over exfiltration, or data leaving the business, says Klein. In last year’s Department of Homeland Security/FBI case where a hacker claimed to have stolen staff data, for example, the people leaking 200GB of files should have been detected, he says.
It’s important to ensure outbound data has a trusted destination, he explains. In many cases, unsanctioned traffic was leaving the organization and going to a place with a low or non-existent reputation. Improved monitoring would have detected this activity and raised a red flag.
Klein anticipates exfiltration will be a top problem in 2017 and is a promising area for additional security measures.
(Image: Grafvision via Shutterstock)
Failure to recognize infiltration
Cyberattacks are multi-faceted in nature, Klein says. Businesses also need to be on alert for infiltration, or lateral movement hackers take to access the crown jewels of a business.
Attackers are adopting more diverse and advanced techniques, from installing malware to social engineering, to accomplish this. They’re targeting well-chosen victims. They’re using exploit kits to gain access into organizations. Exploit kits, in particular, are quite effective and difficult to address, notes Klein.
“Infiltration is something we should assume,” he says, and businesses can reduce their exposure to this threat with good network segmentation, which is a key step towards better security. Poor network segmentation is leaving companies vulnerable, he adds.
(Image: Hasan Eroglu via Shutterstock)
Find out how to protect your business at: http://cyber.aspida.org