Our Latest Online Backup Reviews:Vembu SyncBlaze
Industry LinksTools and Graphs
Woburn, MA – September 24, 2013 — /BackupReview.info/ — Experts from Kaspersky Lab and Outpost24 recently carried out a security audit at a number of European organizations and studied the prevalence of unpatched vulnerabilities globally to get a better understanding of the IT (in)security landscape.
Their joint report illustrates that even unsophisticated attacks on corporate networks can succeed without expensive zero-day exploits. Though the number of zero-day attacks is on the rise, cyber criminals still make extensive use of known vulnerabilities. This is hardly surprising considering it takes the average company 60-70 days to fix a vulnerability – enough time for attackers to gain access to a corporate network. The expert team’s security audit also revealed there is no need for cyber criminals to hack a corporate system; they simply need to ‘hack’ the people that manage the system.
A common baseline is for all critical vulnerabilities to be resolved within three months. But 77% of the threats that passed this three-month deadline were still present a full year after being discovered. The Kaspersky Lab and Outpost24 joint research team collected data on vulnerabilities dating back to 2010, and found systems that had been vulnerable for the past three years. These unpatched vulnerabilities are considered critical due to the ease with which they can be exploited and the impact they can have. Interestingly, there were even some corporate systems that had remained unpatched for a decade despite the fact that the companies were paying for a special service to monitor their security.
After collecting the data with the Outpost24 team, Kaspersky Lab’s senior security researcher David Jacoby decided to carry out a social engineering experiment to see how easy it was to insert a USB drive into computers at government institutions, hotels and privately owned companies. Dressed in a smart suit and armed with a USB stick containing only a PDF of his resume, David asked front desk staff at 11 organizations if they could help him print out a document for an appointment at a completely unrelated venue.
The sample group in this security audit included three hotels from different chains, six government organizations and two large privately owned companies. Computers at government bodies typically store sensitive information about citizens, while those at major private companies most likely contain network connections to other companies, and five-star hotels are places where diplomats, politicians and C-level executives stay when traveling.
Only one hotel agreed to connect David’s stick to their computer; the other two refused. The privately owned companies also declined his request. Out of the six government organizations visited, four actually did help David by inserting the USB stick into a computer. In two cases the USB port was disabled, so the staff asked him to send the file via email instead, providing ample scope to exploit vulnerabilities in PDF software.
David Jacoby, Senior Security Researcher Global Research & Analysis Team, Kaspersky Lab
Martin Jartelius, Chief Security Officer Outpost24
To read the full report, please visit Securelist: http://bit.ly/15RAoJL
About Kaspersky Lab
Securelist | Information about Viruses, Hackers and Spam
Threatpost | The First Stop for Security News
 – The company was rated fourth in the IDC rating Worldwide Endpoint Security Revenue by Vendor, 2012. The rating was published in the IDC report “Worldwide Endpoint Security 2013–2017 Forecast and 2012 Vendor Shares (IDC #242618, August 2013). The report ranked software vendors according to earnings from sales of endpoint security solutions in 2012.
General Tags: data security, data storage, online backup companies, online file storage, CEO interviews, backing up online, online backup, software as a service, online backup providers directory, online backup news, online data backup, online file backup, top rated online backups, cloud computing, online backup services, online backup reviews, compare online backups, SaaS
Like us on Facebook
Sponsored Links:Data Deposit Box Asigra Bacula Systems