Human error, imprecise policies, and incorrectly configured endpoints are common weak points. Attackers following the cyber kill chain usually look for the weakest link in the chain, and that is often the human being. An analysis of Bitdefender telemetry from 110,000 endpoints in the first half of 2020 shows that misconfigurations and the "weak point employee" are the number one causes of a very high percentage of cyber attacks.
While hackers in Hollywood films always go to great lengths to crack security systems and firewalls, the reality is often different. Few attacks require a cinematic amount of effort. Employees and incorrectly configured systems usually do the main work and create vulnerable gateways. The attacks are also effective because they target the main weaknesses in corporate security, and humans are often one of them.
Endpoints can be a weak point
Endpoint misconfigurations cause around a third of all security incidents, and imprecise remote management policies leave hundreds of thousands of systems vulnerable. Plus: 93 percent of employees recycle old passwords over and over again. According to Bitdefender's Security Intelligence Cloud telemetry, this represents only a small fraction of the security incidents that can be expected in an enterprise.
Companies often try to ensure IT security according to the motto "deploy and forget". They buy specialized solutions and hand over the responsibility to an already overburdened IT team. But the administrator needs help. Given the targeted attacks, specialized security services are a better answer. Only large organizations with the appropriate budget can afford the services of a Security Operations Center (SOC). In the meantime, however, the market offering has become more democratic. Managed Services Providers (MSP) and Managed Security Services Providers (MSSP) offer bundles of Endpoint Detection and Response (EDR), Managed Detection and Response (MDR), and SOC services that are now within reach of smaller and medium-sized companies as well.
Human factor
Regardless of all security precautions of organizations, the behavior of the user remains a challenge. Human error doesn't just include a person opening an attachment containing malware or falling for a phishing attack. It includes all actions and behaviors of the user that ensure that a malicious message reaches the employee, that malware can gain a foothold or that the security event can go unnoticed.
In addition, employees often undermine countermeasures by circumventing policies and IT processes in favor of procedures that appear faster and easier to them. A prime example is the reuse of passwords, the front runner among the risks posed by employees: 93.1 percent use login data that they have already used before or use for other access. The companies are partly to blame for the misery: they let employees choose these passwords without specifying how and when they are to be changed. Requirements that are intended to prevent employees from interfering with security-relevant processes and settings must be defined and enforced by IT. Top management is also called upon to support such processes.
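One way IT can turn the password requirement described above into an enforced, auditable check, as an added example that is not part of the original article: a PowerShell function that compares a domain's default password policy against a baseline. The baseline numbers (history of 24, minimum length 14, lockout threshold of at most 10) are this example's own assumptions, not figures from the article; the property names match the output of the ActiveDirectory module's Get-ADDefaultDomainPasswordPolicy cmdlet, and the sample policy object at the bottom is constructed so the check runs without a domain.

```powershell
# Added example (not from the article). Reports where a password policy falls
# short of a baseline; the baseline values are assumptions for this example.
function Test-PasswordPolicyBaseline {
    param(
        # Any object exposing the same property names as Get-ADDefaultDomainPasswordPolicy output
        [Parameter(Mandatory)] $Policy,
        [int]$MinHistory = 24,          # previous passwords remembered -> blocks reuse
        [int]$MinLength = 14,
        [int]$MaxLockoutThreshold = 10  # 0 in AD means "never lock out"
    )

    $findings = @()

    # Password history is what actually prevents the reuse the article describes.
    if ($Policy.PasswordHistoryCount -lt $MinHistory) {
        $findings += "PasswordHistoryCount is $($Policy.PasswordHistoryCount); baseline requires at least $MinHistory, so old passwords can be reused"
    }
    if ($Policy.MinPasswordLength -lt $MinLength) {
        $findings += "MinPasswordLength is $($Policy.MinPasswordLength); baseline requires at least $MinLength"
    }
    if (-not $Policy.ComplexityEnabled) {
        $findings += "ComplexityEnabled is false; baseline requires complexity rules"
    }
    if ($Policy.LockoutThreshold -eq 0 -or $Policy.LockoutThreshold -gt $MaxLockoutThreshold) {
        $findings += "LockoutThreshold is $($Policy.LockoutThreshold); baseline requires 1..$MaxLockoutThreshold failed attempts before lockout"
    }
    # Reversible encryption stores passwords in a recoverable form; it should stay off.
    if ($Policy.ReversibleEncryptionEnabled) {
        $findings += "ReversibleEncryptionEnabled is true; baseline requires it to be disabled"
    }

    return $findings
}

# Constructed sample policy: a domain that lets users recycle passwords freely.
$samplePolicy = [pscustomobject]@{
    PasswordHistoryCount        = 0
    MinPasswordLength           = 8
    ComplexityEnabled           = $false
    LockoutThreshold            = 0
    ReversibleEncryptionEnabled = $false
}
Test-PasswordPolicyBaseline -Policy $samplePolicy

# Against a real domain (requires the ActiveDirectory module and RSAT):
# Test-PasswordPolicyBaseline -Policy (Get-ADDefaultDomainPasswordPolicy)
```

For the constructed sample the function returns four findings (history, length, complexity, lockout). Running it on the live domain object, and scheduling it so drift is reported rather than discovered during an incident, is how the "defined and enforced by IT" requirement becomes something that can be shown to management.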
With the wrong settings
Human errors also happen to administrators. With insufficient staffing and increasingly complex systems, they are quickly overwhelmed. The risk begins with incorrectly defined company-wide security guidelines. For hackers, these are heaven on earth. An analysis of Bitdefender telemetry from the first half of 2020 shows Windows Remote Management (WinRM) as the front runner: it is configured incorrectly on 55.5 percent of all endpoints scanned. Attackers look for WinRM weaknesses and other incomplete or poorly defined guidelines in order to connect to systems remotely and take complete control of them. They can execute malicious code, change registry keys or gain PowerShell access. A recent report by ESG and Bitdefender shows that incorrect or risky endpoint settings are the entry point exploited 27 percent of the time.
Internet settings are another important and often overlooked security category, accounting for 73.1 percent of all endpoint misconfigurations. For example, users should not be able to run unsigned .NET Framework components from Internet Explorer, yet this is frequently still allowed. Another problem arises with SSL 3.0 downgrade attacks, through which attackers carry out man-in-the-middle attacks on communication that is supposedly encrypted.
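A read-only audit of the two settings the article names, WinRM and SSL 3.0, as an added example that is not Bitdefender's code and does not reproduce its telemetry criteria: the checks below use the WSMan: PowerShell drive and the Schannel registry key, which exist on every supported Windows version, but which WinRM values count as "incorrectly set" is this example's own assumption (unencrypted transport allowed, Basic authentication enabled, an HTTP listener bound to all addresses, a wildcard TrustedHosts entry). Run it in an elevated PowerShell on the endpoint under review.

```powershell
# Added example (not from the article). Reports risky WinRM settings and whether
# SSL 3.0 is explicitly disabled for the server side of Schannel. Nothing is changed.
function Get-WinRMFinding {
    $findings = @()

    $svc = Get-Service -Name WinRM -ErrorAction SilentlyContinue
    if (-not $svc -or $svc.Status -ne 'Running') { return $findings }  # nothing listening

    # Unencrypted WinRM traffic exposes commands and, with Basic auth, credentials.
    $unencrypted = (Get-Item WSMan:\localhost\Service\AllowUnencrypted).Value
    if ($unencrypted -eq 'true') {
        $findings += [pscustomobject]@{ Check = 'Service/AllowUnencrypted'; Value = $unencrypted; Severity = 'High' }
    }

    # Basic auth is only acceptable over HTTPS; flag it for review either way.
    $basic = (Get-Item WSMan:\localhost\Service\Auth\Basic).Value
    if ($basic -eq 'true') {
        $findings += [pscustomobject]@{ Check = 'Service/Auth/Basic'; Value = $basic; Severity = 'Medium' }
    }

    # An HTTP listener on '*' accepts remote-management connections on every interface.
    foreach ($listener in Get-ChildItem WSMan:\localhost\Listener) {
        $props     = Get-ChildItem $listener.PSPath
        $address   = ($props | Where-Object Name -eq 'Address').Value
        $transport = ($props | Where-Object Name -eq 'Transport').Value
        if ($transport -eq 'HTTP' -and $address -eq '*') {
            $findings += [pscustomobject]@{ Check = "Listener $($listener.Name)"; Value = "HTTP on $address"; Severity = 'Medium' }
        }
    }

    # A wildcard TrustedHosts lets this machine's WinRM client trust any remote host.
    $trusted = (Get-Item WSMan:\localhost\Client\TrustedHosts).Value
    if ($trusted -eq '*') {
        $findings += [pscustomobject]@{ Check = 'Client/TrustedHosts'; Value = $trusted; Severity = 'Medium' }
    }

    return $findings
}

function Get-Ssl3Finding {
    # Schannel honours this key for the server side of SSL 3.0. Enabled=0 disables it
    # explicitly; an absent key falls back to the OS default, so it is reported for review.
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Server'
    $enabled = (Get-ItemProperty -Path $key -Name Enabled -ErrorAction SilentlyContinue).Enabled
    if ($null -eq $enabled) {
        return [pscustomobject]@{ Check = 'SSL 3.0 Server'; Value = 'not set (OS default)'; Severity = 'Review' }
    }
    if ($enabled -ne 0) {
        return [pscustomobject]@{ Check = 'SSL 3.0 Server'; Value = "Enabled=$enabled"; Severity = 'High' }
    }
    return @()
}

# Print everything that deviates from the assumed baseline.
@(Get-WinRMFinding) + @(Get-Ssl3Finding) | Format-Table -AutoSize
```

Each finding maps to a single corrective setting: AllowUnencrypted and Basic are changed with Set-Item on the same WSMan: path (for example Set-Item WSMan:\localhost\Service\AllowUnencrypted -Value $false), and SSL 3.0 is disabled by setting Enabled to 0 under the Schannel key above, both ideally pushed through Group Policy rather than by hand so the fix does not drift back, which is exactly the kind of guideline the article says has to be defined centrally.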
IT left on its own
Due to the increasing sophistication and diversification of cyber attacks and chronically understaffed IT security departments, many companies are increasingly at risk. Larger companies can choose to run their own SOC. For medium-sized and small organizations, MDR services offer an effective and in most cases sufficient alternative that places security in external hands.
Such a dedicated security team takes over responsibility for the configuration of the endpoints; it works remotely but still has a complete view of the infrastructure. The best option is to provide organizations with a comprehensive endpoint risk analysis. Similar to a system audit, both technological risks and dangers resulting from human error are analyzed.
MDR offers the benefits and expertise of a SOC at a fraction of the cost. MDR teams work with companies to create pre-approved scenarios for responding to incidents. This is how the defense reacts correctly and faster, often long before an initially undetected attack compromises the infrastructure.
More on this at Bitdefender.com
About Bitdefender
Bitdefender is a leading global provider of cybersecurity solutions and antivirus software, protecting over 500 million systems in more than 150 countries. Since it was founded in 2001, the company's innovations have consistently ensured excellent security products and intelligent protection for devices, networks and cloud services for private customers and companies. As the supplier of choice, Bitdefender technology is found in 38 percent of security solutions deployed around the world and is trusted and recognized by industry experts, manufacturers and customers alike. www.bitdefender.de