Cyber hygiene is at an all-time low

By Ian Barker
Published 5 years ago

cyber hygiene

Well-known attacks and attack vectors remained successful because security personnel did not address vulnerabilities and apply patches according to a new report from cybersecurity and visibility business Ixia.

IT vendors created code or configurations that led to many successful security breaches in 2018, but IT operations and security personnel shared the blame due to ignorance of the latest patches and challenges in deploying patches in a timely manner.

In addition Ixia observed more new devices joining networks than ever before, but also more devices designed and deployed without proper measures to stop or even limit threats. Well-understood SQL injections and cross-site scripting vulnerabilities have been used by bad actors to target web applications. Code sharing poses a risk too, despite efforts by the open source community to standardize controls and measures in web development.

"Compromised enterprise networks from unpatched vulnerabilities and bad security hygiene continued to be fertile ground for hackers in 2018. Misconfigured security and access policies also were a major source of data breaches in 2018," says Steve McGregory, senior director, Ixia Application and Threat Intelligence. "Network and application complexity pose serious security threats and create new vulnerabilities every day. Hackers continue to leverage the complexity as well as existing vulnerabilities and misconfigurations to their advantage. It has never been more important for organizations to take a proactive approach to identify and mitigate such flaws as thoroughly as possible."

Among other findings, Ixia detected 662,618 phishing pages in the wild in 2018, and 8,546,295 pages hosting or infected by malware -- so a successful attack requires only a single errant click on an email or link. This makes people the weakest link in the security chain. A well-crafted and timed phishing attempt can encourage even savvy users to click on compromised links. Successful defense depends on a combination of proactive user education, blocking phishing attacks and malware that crosses the network edge, and detecting and blocking lateral movement in a network.

Cyber hygiene is at an all-time low

Recent Headlines

Six out of 10 businesses struggle to manage cyber risk

Ransomware rampage -- how to fight back against attacks [Q&A]

Audacity 3.5 adds cloud project saving for collaboration, backup and file versioning

Why the financial services industry has to start future-proofing their operations

We're not going to deal with today's IT admin issues with yesterday's technology

AI-powered data management: Navigating data complexity in clinical trials

Workforces need the skills to defend against AI-enabled threats

Most Commented Stories

Say goodbye to Microsoft Windows 11 and hello to Nitrux Linux 3.4.0 'pl'

The stunning Windows 13 -- yes, 13! -- is the Microsoft operating system we want

Windows 11 slammed for its 'comically bad' performance even on high-end hardware

Microsoft is up to its old tricks yet again -- Windows 10 users harassed with full-screen Windows 11 upgrade warnings

Outrageous: Microsoft to charge $61 for Windows 10 updates -- consider switching to Linux!

Microsoft 'improves' Windows 11 by bringing ads to the Start menu in the US

Microsoft releases preview version of Office 2024 for Windows and macOS -- download it now!

Easter giveaway! Get a licensed copy of 'VideoProc Converter for Windows/Mac' (worth $78.90) for FREE