Corporate Networks Prove Highly Vulnerable to Attacks

According to a recent report by an enterprise security solution provider, corporate networks are highly vulnerable to attacks that would give hackers full control of their infrastructure. The report outlines a study of 22 security assessments of corporate information systems at companies across many industries, including information technology, finance, retail and transportation. Researchers at the reporting agency, Positive Technologies, were able to gain full control of infrastructure on every corporate network they attempted to compromise.

According to the report, each company had, on average, two attack vectors through which its network could be infiltrated. For one corporation, researchers found 10 vectors. The oldest vulnerability identified in the report dates back 18 years.

These results also indicated that penetrating a network perimeter has become easier than in the past. Researchers rated the difficulty of accessing the internal network as trivial in 56 percent of the 2017 tests, compared to 27 percent in 2016. Only 7 percent of the systems studied were moderately difficult to access.

Common attack vectors include:

  • Corporate Wi-Fi networks
  • Phishing
  • Unpatched vulnerabilities

Companies can reduce the likelihood of compromise and protect their networks by taking the following steps:

  • Develop and enforce strict password policies to prevent the use of easily cracked passwords.
  • Implement multifactor authentication, particularly for privileged accounts such as those of domain administrators.
  • Restrict the number of services on the network perimeter.
  • Verify that every interface available for connection really needs to be accessible to all Internet users.
  • Install operating system and application security updates promptly.
  • Ensure the security of wireless networks using robust authentication methods and isolation of access point users.
  • Implement regular information security awareness training and verify employee knowledge on an ongoing basis.
  • Use logging and monitoring systems for timely detection of attacks.
  • Protect web applications using a web application firewall (WAF).
  • Perform regular penetration testing for enumerating vulnerabilities and assessing the effectiveness of applied security controls.

The full Positive Technologies report on corporate cybersecurity vulnerabilities can be found here.

Written by Jeffrey Macre
Jeffrey Macre is a senior cybersecurity specialist for Burns & McDonnell. As an experienced leader specializing in information technology security, compliance implementation, infrastructure management, and systems administration, he helps clients design and implement standards, procedures and processes that improve their business efficiency.
