Think Windows 10 and Windows 8 are keeping your organization’s data safe? Think again.
Both have been easily compromised in the past year, and most businesses are falling short when it comes to applying least-privilege policies, according to Thycotic’s survey of more than 300 hackers at Black Hat. Nearly 70 percent of those surveyed help organizations improve security and identify as “white hat hackers.”
The findings reflect hackers’ perspectives on vulnerabilities and attack vectors they find easiest to exploit.
Joseph Carson, Thycotic’s chief security scientist, tells us the survey reveals major opportunities for companies in the channel to extend their security portfolios beyond just Microsoft services and offer extended security solutions such as privileged access management, multifactor authentication and strong application control.
“The most surprising finding was that even fully patched Windows systems are still easily compromised by most hackers and cybercriminals, meaning that a well-patched operating system does not mean it is secure and protected from cyberattacks,” he said.
Operating systems are only as secure as the people using them and the configurations applied. Knowing that compromise of user accounts is probably inevitable, organizations need a “zero trust” strategy that emphasizes least privilege to limit overprivileged accounts that give hackers wide and undetected access, according to Thycotic.
“By combining a least-privilege strategy with other security layers such as multifactor authentication, behavior analytics and privileged account protection, organizations can build and maintain a more effective and dynamic security posture to keep cybercriminals from exploiting their IT environments,” Carson said.
Many companies use group policy objects (GPOs) to centralize the management, configuration and security of Windows domain-connected devices; however, GPOs depend on multiple factors, and Thycotic says hackers indicate that they can easily bypass these security controls.
Respondents indicated that three in four organizations (74 percent) are not doing a good job of implementing the principle of least privilege. This leads to poor password protection and the theft of credentials, followed by the elevation of privileges that allow cybercriminals to seize administrative controls and conquer the network.
Additional findings from the survey include:
“Education and cyber awareness play a major role in improving a company’s security posture; organizations can no longer rely solely on technology to protect them,” Carson said. “Easy-to-use and easy-to-learn solutions are key to helping organizations adopt a people-centric approach that offers fast implementations and strong value for the business. Organizations need to start choosing cybersecurity solutions that are both good for people and good for the business in order to turn security into a business opportunity.”
Kaspersky Lab has unveiled the latest version of its Kaspersky Small Office Security, designed to protect small businesses from cybercrime without the need for technical cybersecurity expertise or regular hands-on administration.
The latest version adds: extended protection against ransomware and cryptominers; support for Microsoft Windows protection during computer reboot and application updates; a new alert approach for …