Cyber security initiatives often can’t keep up with the rapid pace at which technology develops. This leaves businesses with exploitable vulnerabilities in their infrastructure if they don’t take a proactive approach to protecting their digital infrastructure.
Bulletproof’s annual cybersecurity industry report reflected on the past year and examined the major threats facing contemporary businesses. It found that many organisations still fall short of basic essential protocols.
In particular, the report identified four critical flaws that are most likely to contribute to a company suffering a data breach due to an external cyberattack. Here is our guide to managing those critical flaws to keep your business safe.
Outdated, unpatched or unsupported components (50%)
This seems like the kind of thing that should not be having such a huge impact on businesses. Most programmes will even alert you if they are out of date. It seems like it should be common sense to ensure that your software is fully patched and are working on supported operating systems.
However some people have concerns that patches will disrupt an organisation’s processes, either because of changes caused to the system or due to the hassle of migrating a large network. This is a worrying attitude for anyone working within cybersecurity to have.
Unpatched and unsupported systems are extremely vulnerable to digital threats. The fact that so many computers were using outdated operating systems is what made the WannaCry attack so devastating.
Given that regular patching is recommended by experts as a crucial element of any essential cybersecurity toolkit, it is a serious concern that so many breaches are still directly related to out of date software.
Weak cryptography (20%)
Poor configuration settings are generally less likely to be a target than outdated software or operating systems, but are still a common enough target for hackers to exploit, making them a key factor in insecure digital environments.
There are numerous ways that hackers could break cryptographic software to break into your organisation’s system. Badly designed code, dead code and code infected with bugs can all leave your organisation vulnerable to exploitation to people who know how to find those gaps and worm their way into your system.
While it is possible to reinforce the necessary software fairly easily, these vulnerabilities are often overlooked by businesses – if businesses are aware of them at all. Regular reviews can flag up vulnerabilities, which can then be bolstered against external predators.
Access control issues (15%)
When it comes to data, effective access control systems ensure that sensitive information is properly protected and available only to those people who need it.
There a number of issues that could contribute to the risk of a data breach, including neglecting multifactor authentication, incorrectly granting someone clearance to important files or saving data on unprotected, unencrypted drives.
Implementing a clearly defined access control system throughout your organisation is key to keeping on top of these risks. Keeping a comprehensive and up-to-date inventory of your network can help you to track the machines that handle your information and how well they are protected at any given time. Having as complete as possible knowledge of your infrastructure gives you better control over it and puts you in a better position to find and resolve any vulnerabilities that arise.
Poor passwords (15%)
Having a strong password policy specified in your organisation’s security best practice guidance is a good foundation for defending against this risk. This means ensuring that staff change the default passwords set on their machines and that best practice advice about what makes a strong password is clear and easy to access.
However, it can be difficult to know for sure that any policy is being properly followed. In 2019, the Ponemon institute found that 53% of small and medium sized businesses that suffered a data breach were compromised by poor employee passwords.
This is another issue where best practice is commonly discussed and encouraged, making it worrying that this is still a significant risk factor for contemporary businesses.
Organisations that want to take extra precautions can reinforce the protective impact of strong passwords by also implementing multi-factor authentication. This can then be monitored by infrastructure management tools to ensure it is properly implemented across your company.