Cybersecurity News in Asia

Features
- Featured
  
  How to talk to your board and C-suite about cyber-preparedness
  
  Thursday, June 1, 2023, 11:33 AM Asia/Singapore | Features, Tips
- Featured
  
  Ransomware trends APAC organizations should be mindful of
  
  Tuesday, May 30, 2023, 2:02 PM Asia/Singapore | Features, Malware & Ransomware
- Featured
  
  Generative AI – the cybercriminal’s latest tool of terror?
  
  Tuesday, May 23, 2023, 11:20 AM Asia/Singapore | Features
News
- Featured
  
  Cyber insurance terms reward the cyber diligent
  
  Tuesday, June 6, 2023, 11:22 AM Asia/Singapore | Cyberthreat Landscape, News, Newsletter
- Featured
  
  2022 financial services web-application and API attacks surge 248% in APJ
  
  Tuesday, June 6, 2023, 10:39 AM Asia/Singapore | News, Newsletter
- Featured
  
  Automation and AI increase bot attack sophistication, evasiveness
  
  Thursday, June 1, 2023, 2:45 PM Asia/Singapore | Cyberthreat Landscape, News, Newsletter
Opinions
Tips
Whitepapers
Awards 2022
Directory
E-Learning

News

Patch management, password hygiene can reduce cyber risks up to 60%: report

By CybersecAsia editors | Friday, October 1, 2021, 12:30 PM Asia/Singapore

Although there are caveats to this number, analytics in one ecosystem are showing that neglecting the two practices will be self-destructive.

It is supposedly “common knowledge” to perform regular system/software patching and updates, as well practice strong password hygiene, even among those who have even a little understanding of cybersecurity.

When not managed well, these two aspects of cybersecurity provide a way for adversaries to penetrate a company’s system. As a result, security issues with passwords and unpatched software combine into the overwhelming majority of initial access vectors during attacks, according to Kaspersky researchers.

The firm’s incidence-response analytics data indicate that brute force was the most widely used initial vector to penetrate networks in its protection ecosystem, having skyrocketed from 13% to 31.6% since last year. The second most commonly seen attack was vulnerability exploitation at a 31.5% share. The data showed that in only a few incidents, vulnerabilities from 2020 were used. In other cases, older unpatched vulnerabilities such as CVE-2019-11510, CVE-2018-8453, and CVE-2017-0144 had been exploited.

Effects of proper cyber hygiene

In the analysis, more than half of all attacks that started with malicious emails, brute force, and external application exploitation were detected in hours (18%) or days (55%). Some lasted much longer, with an average duration of up to 90.4 days.

The data shows that attacks involving a brute force initial vector were easy to detect in theory, but in practice, only a fraction were identified before causing an impact. Although brute force attack prevention and the control of timely updates do not seem to be problematic for a professional cybersecurity team, in practice, 100% elimination of these issues is virtually impossible.

The firm’s Head of Global Emergency Response, Konstantin Sapronov said: “Even if the IT security department does its best to ensure safety of the company’s infrastructure, factors such as legacy OS usage, low-end equipment, compatibility issues and human factors often result in security breaches that can jeopardize an organization’s security. Protective measures alone can’t provide holistic cyber defense. Therefore, they should always be combined with detection and response tools that are able to recognize and eliminate an attack at an early stage, as well as address the cause of the incident.”

The data indicates that just implementing an appropriate patch management policy can decrease the risk of incidents by 30%, and a robust password policy can reduce the likelihood of being attacked by 60%.