Cybersecurity is an ongoing battle, and the latest figures from penetration testers prove that the fight is far from over. According to Positive Technologies, 93% of all networks are open to breaches due to common vulnerabilities. However, there are proactive steps business owners can take to stay on the right side of that ratio.

Take a look at some of the common vulnerabilities as outlined by the report. We’ll also address some important actions that businesses and agencies can take to reduce their attack surface and harden their networks.

Protecting your network

It’s easy to think that your network is mostly protected from common network threats. After all, you have a security operations center team already, right? They’re watching the network for anomalies and responding quickly to alerts. You also have some excellent software in place that helps you uncover malware attempts and malicious websites.

These are basic steps that any well-prepared enterprise should take if they’re serious about cyber defense. However, these measures may not be enough.

From July 2020 to June 2021, multiple pen testers across several different industries assessed organizations’ readiness. The compiled data painted a grim picture. 93% of those networks are poorly configured, even at the most basic levels. In 71% of these cases, attackers would be able to impact a business to an “unacceptable” degree.

The findings in this report showed that common vulnerabilities still exist in most networks today. Think poor password management, outdated and unpatched devices and software, poor security configurations and inconsistent user access protocols.

These statistics are a sobering reminder that no one is immune to digital attacks. It’s more important than ever for businesses to take proactive steps to secure their networks.

Avoiding a defeatist attitude

Protecting a network from all possible attack vectors is a daunting task, and it can be easy to feel overwhelmed and defeated. At the same time, people and tech solve problems like this all the time. We can take simple, progressive steps to avoid being at risk.

In many cases, training and awareness for employees are the most overlooked yet impactful steps you can take. By teaching your team how to spot a phishing email or malicious website, you’re arming them with the knowledge they need to help protect your network from these threats.

In addition, it’s crucial to have a security policy in place that outlines norms for employee behavior and lays out best practices for protecting company data. This document should cover password management best practices and guidelines for device and software usage. Make sure this policy is in place as you increase remote working and personal device use.

Applying zero trust protocols and hardening app security

In addition to awareness training for employees, another best practice is using zero trust network protocols. Your team should deploy these protocols across all internal and external environments. That way, each user must prove who they are before accessing any network apps or data.

In an ideal world, a zero trust network also includes multi-factor authentication. This provides more layers of protection against unwanted access attempts. This can include biometric identification, facial recognition through supported webcams and traditional password management.

Another critical step you can take is to harden application security. Ensure you have proper visibility into known and unknown threats lurking in your networks. Threat intelligence gathering and proactive penetration testing can help your company gain this visibility. From there, you can find and address vulnerabilities in app security before a breach occurs.

Renewed focus on incident response plans

Having a thorough incident response plan (IRP) is also essential. It can help you to rapidly respond to any type of attack or data breach.

Your IRP should include step-by-step procedures for spotting and containing an attack. Also include protocols for informing impacted people and groups. You should have certain personnel assigned to each step of the response plan. In addition, perform regular testing and updates to ensure that the plan is up-to-date and effective.

A well-drafted IRP is a critical part of any cybersecurity strategy and should be considered a high priority. With the proper steps in place, your team can work to stay ahead of the curve and beat the odds.

Up to the task

It can be a daunting task for security teams to patch network vulnerabilities before they become a problem, but it is possible to do. The report cited above is less of a grim truth and more of a call to action. There is still work to be done in reducing the attack surface. However, through proactive planning, the right level of awareness and the proper tools and technologies, you can increase the chances of remaining secure.
