IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

Robust password policies cut cyber attacks by 60%

Research shows that hackers most often use brute force password attacks and flaw exploitation

Deploying an appropriate patch management policy decreases the risk of hacking by 30%, while a robust password policy reduces the likelihood of being attacked by 60%, according to a new report.

The Incident Response Analyst Report 2021, published by IT security firm Kaspersky, found brute force is the most widely used initial vector to penetrate a company’s network. Compared to the previous year, the share of brute force attacks has skyrocketed from 13% to 31.6%. The report’s authors said this was perhaps due to the pandemic and the boom of remote working.

The analysis of anonymized data from incident response (IR) cases found that the second most seen attack is vulnerability exploitation with a 31.5% share. The research showed that vulnerabilities from 2020 were used in only a few incidents. In other cases, adversaries used older, unpatched vulnerabilities, such as CVE-2019-11510, CVE-2018-8453, and CVE-2017-0144.

Over half of attacks that started with malicious emails, brute force, and external application exploitation were detected in hours (18%) or days (55%). The report added that  some of these attacks lasted much longer, with an average duration of up to 90.4 days. 

The report also found that industrial businesses were the most affected by cyber attacks (22%), followed by government institutions (19%). 

Analysis of the data from incident responses found that in 44% of all incidents, hackers used existing, well known offensive tools from GitHub, such as Mimikatz, AdFind, and Masscan. They also used specialized commercial frameworks, such as Cobalt Strike.

Related Resource

Defeating ransomware with unified security from WatchGuard

How SMBs can defend against the onslaught of ransomware attacks

Whitepaper title above a red triangle with an exclamation point insideFree download

Konstantin Sapronov, head of Kaspersky’s global emergency response team said that even if the IT security department does its best to ensure safety of the company’s infrastructure, legacy OS usage, low-end equipment, compatibility issues, and human factors often result in security breaches that can jeopardize an organization’s security.

“Protective measures alone can’t provide a holistic cyber defense. Therefore, they should always be combined with detection and response tools that are able to recognize and eliminate an attack at an early stage, as well as address the cause of the incident,” Sapronov said.

The report urged organizations to deploy a robust password policy, including multi-factor authentication (MFA) and identity and access management tools, and ensure software is patched regularly to fix vulnerabilities.

Featured Resources

Activation playbook: Deliver data that powers impactful, game-changing campaigns

Bringing together data and technology to drive better business outcomes

Free Download

In unpredictable times, a data strategy is key

Data processes are crucial to guide decisions and drive business growth

Free Download

Achieving resiliency with Everything-as-a-Service (XAAS)

Transforming the enterprise IT landscape

Free Download

What is contextual analytics?

Creating more customer value in HR software applications

Free Download

Recommended

Mastering endpoint security implementation
Security

Mastering endpoint security implementation

18 May 2022
The Total Economic Impact™ of Apple Mac in Enterprise: M1 update
Whitepaper

The Total Economic Impact™ of Apple Mac in Enterprise: M1 update

12 May 2022
Apple, Google, Microsoft expand their support for password-less sign-ins
cyber security

Apple, Google, Microsoft expand their support for password-less sign-ins

6 May 2022
Dell Technologies World 2022: Dell unveils fastest storage architecture in company history
Server & storage

Dell Technologies World 2022: Dell unveils fastest storage architecture in company history

4 May 2022

Most Popular

Europe's first autonomous petrol station opens in Lisbon
automation

Europe's first autonomous petrol station opens in Lisbon

23 May 2022
16 ways to speed up your laptop
Laptops

16 ways to speed up your laptop

13 May 2022
Nvidia pauses hiring to help cope with inflation
Careers & training

Nvidia pauses hiring to help cope with inflation

23 May 2022