… poor cybersecurity practices and misconfigurations contributed to most cases of cybersecurity breach.
Ixia, a technology company that provides testing, visibility, and security solutions, released the third annual Security Report.
The report revealed that poor cybersecurity practices and misconfigurations contributed to most cases of cybersecurity breach.
Here’s a summary of the report.
Ixia’s findings: Top 5 security threats observed in 2018
1: Software security cause the majority of product vulnerabilities
Buyers should research the common vulnerabilities database and confirm fixes with vendors before deploying new hardware or software upgrades.
Ixia found that software security flaws contributed to a record number of security incidents in 2018, especially for web applications.
Code sharing on coding sites, such as Stack Overflow, poses risks as well. Many answers on such sites have security vulnerabilities.
Buyers should research the common vulnerabilities database and confirm fixes with vendors before deploying new hardware or software upgrades. The CVE database can help customers gauge the security track record and response time of a vendor.
2: Humans are the weakest link
It only takes a single click on a malicious link to infect an entire infrastructure.
Even the most tech-savvy security expert can be confused by a well-crafted and well-timed phishing attempt. It only takes a single click on a malicious link to infect an entire infrastructure.
Technological aids or reminders can help reduce the probability of an attack. For example, an email program that highlights when an incoming email looks like potential spam or phishing, or when it is from an external entity, enables you to pay attention and carefully scrutinize the URLs contained in the email. Also, tools such as password managers enable computers to reinforce security and reduce incidents caused by human error.
3: Cyber hygiene is at an all-time low
Internet of Things (IoT) devices are particularly vulnerable to [brute-force] attacks.
Vulnerabilities remain exposed due to ignorance of the latest patches and challenges deploying frequent patches in a timely manner.
Brute-force attacks also increased with the growing popularity of electronic devices. Internet of Things (IoT) devices are particularly vulnerable to such attacks.
Keep your business secure by reviewing public exploit websites (like www.mitre.org) to see a list of common vulnerabilities and apply the recommended patches and architectural fixes.
4: Security vulnerability disclosures are a double-edged sword
Vulnerability reporting helps vendors and consumers identify security flaws, but it also informs hackers, who can react faster than vendors or enterprise IT.
Disclosing vulnerability and exploit information in closed communities can reduce risk and slow hackers down, giving application developers and enterprises an opportunity to patch defects before hackers create tools to exploit the vulnerabilities in the wild.
5: Crypto-jacking activity reached new peaks in 2018
Adding network visibility helps you see when someone or something is mining cryptocurrencies…
Crypto-miners take over infrastructure and create large networks dedicated to crypto mining. This method of monetisation is easier and less risky for hackers than to ransom or steal valuable data.
Adding network visibility helps you see when someone or something is mining cryptocurrencies, so you can curb such activities.
Ixia’s predictions: watchlist for 2019
- Abuse of low-value endpoints will escalate.
- Brute-force attacks on public-facing systems and resources will increase.
- Cloud architectures create complexity that increases attack surfaces.
- Phishing will continue to evolve.
- Multiphase attacks that use lateral movement and internal traffic will increase.
- Crypto mining/cryptojacking attacks will increase.
Download a copy of this report by Ixia.