Networks, Weakest Link In Enterprise Security: Report

by CXOtoday News Desk    Apr 11, 2016

Network Security Image Courtesy Corporate networks are the weakest link in the security mechanism of any organization. Unsecured and unpatched networks are easy targets for cyber criminals to infiltrate and poise substantial damage to organizations. The latest study by F Secure Labs, highlighted several vulnerabilities in corporate networks. The study revealed that many companies lack robust security infrastructure to protect their networks. 

The investigation found that, out of nearly 85,000 instances of the 100 most common vulnerabilities identified in corporate networks, approximately seven percent of them have high severity ratings according to standards used by the National Vulnerability Database. Nearly half of these highly severe weaknesses were exploitable, and could be used by attackers to gain control over compromised machines via remote code execution, the study stated.  

The study also stated that nearly all of these exploitable weaknesses are easy to fix with the right software patches or simple administrative changes. The investigation used F-Secure Radar, a vulnerability scanning and management solution, to uncover instances of misconfigured systems, unpatched software, and other weaknesses. 

“The fact that we found thousands of issues this severe suggests some serious security shortfalls amongst companies. Either they are not implementing patch management programs, or they are forgetting to include parts of their network in their maintenance practices. But no matter what the underlying cause is, it’s lots of opportunities for attackers, and lots of breaches waiting to happen”, said Jarno Niemelä, Lead Researcher, F-Secure Labs.

 According to Research and Markets report, cyber-attacks are expected to drive the worldwide network security market. The study predicts the global market for network security platforms to experience a compound annual growth rate of 7.84 per cent from 2014 to 2019. The IDC report predicts that more than 1.5 billion people, will be affected by data breaches, by 2020. 

While the investigation found thousands of highly severe weak points, the findings pointed to misconfigured systems as being far more common. The 10 most frequent vulnerabilities found were low or medium severity issues, but accounted for 61 percent of all weaknesses discovered in the investigation. While these issues lack the severity of high-risk vulnerabilities, they encourage hackers to investigate further and look for additional weak spots.

F-Secure’s vulnerability scanning solution, F-Secure Radar, is a certified PCI ASV solution that gives companies a complete overview of their networks, and highlights weaknesses that attackers can use to compromise systems. It includes different scanning options to provide a comprehensive analysis of networks, and ranks vulnerabilities according to their severity. Companies can use the scans to map the different systems integrated with the network, check web applications (even custom-built APIs tailored to fit unique networks and infrastructure), and locate outdated, unpatched, or misconfigured parts of their network.