Why Corporate Networks Are Vulnerable<\/p>\n
The Results of Kaspersky Lab\u2019s Study on Common IT Security Policy Mistakes revealed<\/p>\n
Kaspersky Lab, a leading developer of secure content and threat management solutions, presents the results of a study conducted by its Global Emergency Response Team \u2013 a consulting service for the company\u2019s corporate users. The data that was accumulated while serving corporate customers highlights the main IT security policy mistakes that can put an organisation at risk.<\/p>\n
Commenting on the study, Alexey Polyakov, head of the Global Emergency Response Team at Kaspersky Lab, said: \u201cIn the past, our corporate support team received complaints unrelated to product functionality. For example, some customers complained that our products could not remove all the viruses from a network. After some quick analysis we discovered that the products did in fact successfully detect and remove malware, but this malware kept coming back \u2013 over and over again. So over the last 12 months, by actively engaging with our corporate users we have noticed that the majority of virus-related incidents occur due to underestimated design issues or unnoticed weaknesses in corporate security policies.\u201d<\/p>\n
Why Your Corporate Network May Be Vulnerable<\/p>\n
The biggest mistake is to ignore network share access rights \u2013 responsible for 35% of incidents. In such a case there might be open sharing with access rights configured as \u201cfull access\u201d to everyone on an internal file server or end-user work desktop, e.g., a shared public document workspace where all documents are stored. Sooner or later this can become a prominent source of malware redistribution throughout the organisation.<\/p>\n
Modern malware takes advantage of existing vulnerabilities. A network with just a single missing patch can be put at serious risk. And this is a common issue seen mostly in small to medium organisations with end-users numbering less than 500. These organisations either do not have enough expertise or ignore patching completely. As such, this mistake is responsible for 25% of incidents.<\/p>\n
Use of multiple vendor anti-malware solutions (15% of incidents) may lead to a situation where it is hard to mitigate malware attacks. This may occur if one of the vendors does not respond fast enough to attacks. Delays in responses may run to days, weeks or even months. During this time the solution of another vendor would detect and remove malware, but only in its part of the network \u2013 and malware would attack it from the unprotected side. Alexey Polyakov concluded, \u201cFrom our experience we see that security admin spends a lot of time working with multiple vendors\u2019 support services in finding and fixing a problem.\u201d<\/p>\n
A partially protected environment (15% of incidents) is where an anti-malware solution is installed on part of the network, leaving other resources unprotected.<\/p>\n
Firmware vulnerability (5% of incidents) may be exploited by attackers if security admin forget to monitor hardware devices, such as routers, firewalls and other network appliances, to see if they need patching.<\/p>\n
And another relatively infrequent mistake (also 5% of incidents) is to believe that software downloaded from the Web is always perfectly sound software.<\/p><\/blockquote>\n","protected":false},"excerpt":{"rendered":"
Kaspersky has revealed the results of it’s study on Common IT Security policy mistakes, which gives greater insight as to why corporate networks are vulnerable.<\/p>\n","protected":false},"author":56,"featured_media":24899,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[27],"tags":[2098,2108,1595,801,2106],"class_list":["post-28506","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-security","tag-alexey-polyakov","tag-corporate-networks","tag-kaspersky","tag-malware","tag-network-security"],"_links":{"self":[{"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/posts\/28506"}],"collection":[{"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/users\/56"}],"replies":[{"embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/comments?post=28506"}],"version-history":[{"count":1,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/posts\/28506\/revisions"}],"predecessor-version":[{"id":28518,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/posts\/28506\/revisions\/28518"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/media\/24899"}],"wp:attachment":[{"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/media?parent=28506"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/categories?post=28506"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/tags?post=28506"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
![\"Kaspersky](\"http:\/\/mybroadband.co.za\/news\/wp-content\/uploads\/2011\/07\/kaspersky-corporate-network-vulnerability.jpg\" "\\"Kaspersky")
<\/a>