Robust password policies cut cyber attacks by 60%

Research shows that hackers most often use brute force password attacks and flaw exploitation

Deploying an appropriate patch management policy decreases the risk of hacking by 30%, while a robust password policy reduces the likelihood of being attacked by 60%, according to a new report.

The Incident Response Analyst Report 2021, published by IT security firm Kaspersky, found brute force is the most widely used initial vector to penetrate a company’s network. Compared to the previous year, the share of brute force attacks has skyrocketed from 13% to 31.6%. The report’s authors said this was perhaps due to the pandemic and the boom of remote working.

The analysis of anonymized data from incident response (IR) cases found that the second most seen attack is vulnerability exploitation with a 31.5% share. The research showed that vulnerabilities from 2020 were used in only a few incidents. In other cases, adversaries used older, unpatched vulnerabilities, such as CVE-2019-11510, CVE-2018-8453, and CVE-2017-0144.

Over half of attacks that started with malicious emails, brute force, and external application exploitation were detected in hours (18%) or days (55%). The report added that  some of these attacks lasted much longer, with an average duration of up to 90.4 days. 

The report also found that industrial businesses were the most affected by cyber attacks (22%), followed by government institutions (19%). 

Analysis of the data from incident responses found that in 44% of all incidents, hackers used existing, well known offensive tools from GitHub, such as Mimikatz, AdFind, and Masscan. They also used specialized commercial frameworks, such as Cobalt Strike.

Related Resource

Defeating ransomware with unified security from WatchGuard

How SMBs can defend against the onslaught of ransomware attacks

Whitepaper title above a red triangle with an exclamation point insideFree download

Konstantin Sapronov, head of Kaspersky’s global emergency response team said that even if the IT security department does its best to ensure safety of the company’s infrastructure, legacy OS usage, low-end equipment, compatibility issues, and human factors often result in security breaches that can jeopardize an organization’s security.

“Protective measures alone can’t provide a holistic cyber defense. Therefore, they should always be combined with detection and response tools that are able to recognize and eliminate an attack at an early stage, as well as address the cause of the incident,” Sapronov said.

The report urged organizations to deploy a robust password policy, including multi-factor authentication (MFA) and identity and access management tools, and ensure software is patched regularly to fix vulnerabilities.

Featured Resources

The definitive guide to warehouse efficiency

Get your free guide to creating efficiencies in the warehouse

Free download

The total economic impact™ of Datto

Cost savings and business benefits of using Datto Integrated Solutions

Download now

Three-step guide to modern customer experience

Support the critical role CX plays in your business

Free download

Ransomware report

The global state of the channel

Download now

Recommended

Researchers disclose top vulnerabilities abused by ransomware gangs
ransomware

Researchers disclose top vulnerabilities abused by ransomware gangs

20 Sep 2021
Best MDM solutions 2020
mobile device management (MDM)

Best MDM solutions 2020

17 Sep 2021
How do hackers choose their targets?
hacking

How do hackers choose their targets?

17 Sep 2021
Owner of DDoS for hire sites found guilty of hacking offences
distributed denial of service (DDOS)

Owner of DDoS for hire sites found guilty of hacking offences

17 Sep 2021

Most Popular

Zoom: From pandemic upstart to hybrid work giant
video conferencing

Zoom: From pandemic upstart to hybrid work giant

14 Sep 2021
What are the pros and cons of AI?
machine learning

What are the pros and cons of AI?

8 Sep 2021
Apple patches zero-day flaw abused by infamous NSO exploit
exploits

Apple patches zero-day flaw abused by infamous NSO exploit

14 Sep 2021