The “Five Most Prevalent Threats to Corporate Data”

The “Five Most Prevalent Threats to Corporate Data”

Of the hundreds (if not thousands) of blog posts and news articles published about cybersecurity every week, occasionally you come across a gem like this post by Kevin Jackson on Sys-Con.com called “For Top Cyber Threats, Look in the Mirror”. I highly suggest you give it a read -> http://www.sys-con.com/?q=node/3943325

To break it down simply, Jackson’s article focused on a recent report released by cybersecurity assessment and advisory services provider, Praetorian, called “How to Dramatically Improve Corporate IT Security without Spending Millions”. Praetorian had analyzed the results of “100 separate internal penetration test engagements” and “identified the five most prevalent threats to corporate data”.

It probably comes as no surprise to you that “the top four are all based on utilizing stolen credentials and the last one helps an attacker be more effective in using those credentials.” At least it doesn’t for me as our whole mantra here at STEALTHbits is that every attacker is after the same two things; credentials and data.

While Jackson’s article and the study itself were what originally caught my attention, it was actually the article’s timing and applicability to a new set of Security Best Practices reports we released just days earlier that really got me excited. You can read up on that here if you’re interested -> https://www.stealthbits.com/press/item/306-first-stealthaudit-feature-pack-ships-today-providing-best-practice-reporting-active-directory-desktop-server-infrastructure

Praetorian’s “Five Most Prevalent Threats to Corporate Data” as summarized by Kevin Jackson are as follows:

  • Weak Domain User Passwords
  • Broadcast Name Resolution Poisoning
  • Same Local Admin Password
  • Domain Credentials in Cleartext
  • Insufficient Network Access Controls

In the recently released report set I mentioned, we built a series of reports and analyses to provide our users with deep insight into these very same concepts, including Weak Password Checks, Password Status, Local Admin Rights, Potential Plaintext Passwords, critical configurations like LSA Protection and WDigest Settings, and more. If you believe Praetorian’s research – which I certainly do – why not run these reports in your environment to see how well protected you are?

At the end of the day, Praetorian’s study speaks to the need for (and the present lack of) focus on foundation-level concepts in cybersecurity. Microsoft has built tons of capabilities into Windows to protect against attacks and remediate vulnerabilities, but they’re worthless if you don’t use them or they aren’t configured properly.

I know it is cliché, but security starts with the basics and the smartest, most secure organizations start from the ground up.

For a free trial, please download our StealthAUDIT Local Administrator Access Assessment by clicking here. If you need assistance, please contact sales@stealthbits.com.

Don’t miss a post! Subscribe to The Insider Threat Security Blog here:

Leave a Reply

Your email address will not be published. Required fields are marked *

*

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Start a Free StealthAUDIT® Trial!

No risk. No obligation.