Of the hundreds (if not thousands) of blog posts and news articles published about cybersecurity every week, occasionally you come across a gem like this post by Kevin Jackson on Sys-Con.com called “For Top Cyber Threats, Look in the Mirror”. I highly suggest you give it a read -> http://www.sys-con.com/?q=node/3943325
To break it down simply, Jackson’s article focused on a recent report released by cybersecurity assessment and advisory services provider, Praetorian, called “How to Dramatically Improve Corporate IT Security without Spending Millions”. Praetorian had analyzed the results of “100 separate internal penetration test engagements” and “identified the five most prevalent threats to corporate data”.
It probably comes as no surprise to you that “the top four are all based on utilizing stolen credentials and the last one helps an attacker be more effective in using those credentials.” At least it doesn’t for me, as our whole mantra here at STEALTHbits is that every attacker is after the same two things: credentials and data.
While Jackson’s article and the study itself were what originally caught my attention, it was actually the article’s timing and applicability to a new set of Security Best Practices reports we released just days earlier that really got me excited. You can read up on that here if you’re interested -> https://www.stealthbits.com/press/item/306-first-stealthaudit-feature-pack-ships-today-providing-best-practice-reporting-active-directory-desktop-server-infrastructure
Praetorian’s “Five Most Prevalent Threats to Corporate Data” as summarized by Kevin Jackson are as follows:
- Weak Domain User Passwords
- Broadcast Name Resolution Poisoning
- Same Local Admin Password
- Domain Credentials in Cleartext
- Insufficient Network Access Controls
In the recently released report set I mentioned, we built a series of reports and analyses to provide our users with deep insight into these very same concepts, including Weak Password Checks, Password Status, Local Admin Rights, Potential Plaintext Passwords, critical configurations like LSA Protection and WDigest Settings, and more. If you believe Praetorian’s research – which I certainly do – why not run these reports in your environment to see how well protected you are?
At the end of the day, Praetorian’s study speaks to the need for (and the present lack of) focus on foundation-level concepts in cybersecurity. Microsoft has built tons of capabilities into Windows to protect against attacks and remediate vulnerabilities, but they’re worthless if you don’t use them or they aren’t configured properly.
I know it is cliché, but security starts with the basics and the smartest, most secure organizations start from the ground up.
Adam Laub is the Senior Vice President of Product Management at STEALTHbits Technologies. He is responsible for setting product strategy, defining future roadmap, driving strategic sales engagements, supporting demand generation activities, enabling the sales organization and all aspects of product evangelism.
Since joining STEALTHbits in 2005, Adam has held multiple positions within the organization, including Sales, Marketing, and Operational Management roles.
Adam holds a Bachelor of Science degree in Business Administration from Susquehanna University, Selinsgrove, PA.