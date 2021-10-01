System Updates and Strong Passwords Can Prevent 60% of Cyber ​​Attacks

Kaspersky’s latest Incident Response Analysis Report showed interesting data on cybersecurity as a whole, particularly on how many users and businesses are not taking optimal protection measures .

    • According to the survey made by Kaspersky, 660% of cyber attacks investigated according to the report, they were able to guess the systems password, that is, they entered by brute force, or they used flaws already fixed in updates from these same networks.

    Anonymous data analysis used as the basis for the The report also shows that brute force attacks are the most used initial vectors to enter a company’s networks. Compared to the previous year, this method shot from % to 31,6%, due to the pandemic and the explosion of teleworking.

    The second most observed type of initial vector is the use of vulnerabilities, with a participation of 55, 5%. The survey showed that in only a few cases recently discovered flaws were used, with the attacks, for the most part, using vulnerabilities that have been publicly known for a long time but have not yet been fixed.

    Graph showing the main initial vectors of virtual attacks, according to the report of Kaspersky. (Image: Reproduction/Kaspersky)

    Another conclusion presented by the report is that more than half of the cyber attacks that have malicious emails, brute force or exploitation as their initial vector of out-of-date program crashes was detected in a matter of hours (31%) or in days ( 31%).

    Finally, the study also shows that attacks that involve an initial brute force vector are easy to detect in theory, but in practice only a fraction of companies manage to stop them before they affect systems.

    Prevention

    Although people with minimal knowledge about cybersecurity know the importance of applying updates regularly, few companies apply this practice, and thus end up facilitating the initial access of criminals to corporate systems.

    For Roberto Rebouças, executive manager of Kaspersky in Brazil, these unsafe password and software updates practices end up becoming the main initial vectors of attacks. He goes on to say that weak passwords and old systems are the real-life equivalent of leaving the house, leaving a window unlocked and the front door key under the rug.

    On the other hand, the adoption of strong password policies for users of corporate networks, according to Kaspersky, can reduce by up to 31 % the risk of attacks. Proper management of system updates also has good numbers, with a reduction of about 31% in scams that use old faults as the initial vector.

    Finally, Kaspersky recommends the following steps for greater protection of corporate systems:

    • Implementation of strong password policies, with multi-factor authentication (MFA) and identity and access management tools;
    • Zero tolerance in update management. Regular updates and vulnerability checks on the network are critical to protecting the business;
    • Training employees so they know how to recognize threats and know how to act in dangerous situations ;
    • Use of security detection and response technologies with managed services (MDR), which are capable of generating reports and checking the status of each part of the system, to manage crises quickly and efficiently.

    The full report can be accessed here.

