Want to know something scary? On a shakily secured network, attackers can get in and start causing trouble within minutes. Or, if they’d prefer to lie in wait and collect information for a while first, that’s possible too.
A new report, Penetration Testing of Corporate Information Systems, has only confirmed some spooky facts. The report was built on anonymous data from organizations that underwent network testing, where “ethical hackers” break into their network and test for security flaws. 71% of the companies tested came back with a critical security flaw.
That’s a lot.
So, what are the two factors?
- Weak passwords
- Old software versions
Are we truly surprised? Not many of us will be. We’re all guilty of using a quick-to-memorize password, such as our birthday or home address, especially on our home devices. On top of that, we’re also guilty of putting off updates because we’re busy trying to finish our next work assignment or start up our video game.
Brute-force attacks are the most common attacks against weak passwords: essentially, a piece of software tries different combinations until one works. It isn’t necessarily fast or efficient, but it can do the trick against poorly made passwords.
In addition to weak passwords, over two-thirds of organizations are using vulnerable versions of software that haven’t received the required security updates, leaving them open to being exploited.
There is also the problem that it is becoming easy to be a hacker. Being a hacker used to require skilled, specific knowledge, including but not limited to programming. Now it is easy to download a malware toolkit and get to work.
On top of this, the un-updated programs sitting around on our computers present security vulnerabilities. Should an attacker enter the network, they’re given open windows of attack left and right, depending on the number of un-updated software versions lying around on the hard drive, used or not.
Remember the following tips!
- Ensure your passwords are reasonable and up-to-date with the most recent security standards published by the FBI every year.
- Apply multi-factor authentication to all accounts, or at least to the most important ones, such as banking and critical files.
- Never open unwarranted files or emails.