sans top cyber security risks
TOP CYBER SECURITY RISKS
The SANS Institute has released a report on the top Cyber Security Risks, based on attack data from IPS systems protecting 6,000 organisations, vulnerability data from 9 million systems and analysis by the Internet Storm Centre. The major finding was that two risks outweigh all others, yet organisations fail to mitigate them.
According to the report, the two greatest risks identified were client-side software that remains unpatched and Internet-facing web sites that are vulnerable.
Client-side software is being targeted through waves of email attacks (spear phishing) that exploit vulnerabilities in commonly used programs such as Adobe PDF Reader, QuickTime, Adobe Flash and Microsoft Office. The same vulnerabilities are exploited when the user visits infected web sites (the second biggest risk) and downloads documents, music and video that exploit them. The victim’s infected computer then proceeds to circulate the infection and compromise other internal computers and sensitive servers. The ultimate goal of these attackers is to steal data from the target organisations, while also installing ‘back doors’ into the organisation through which they can return and exploit it at a later date. It was found that on average major organisations take at least twice as long to patch client-side vulnerabilities as they take to patch operating system vulnerabilities.
The second biggest risk was Internet-facing websites that are vulnerable. The attacks against web applications accounted for more than 60% of the total attempted attacks on the Internet. Attackers convert trusted websites into malicious websites serving content that contains the above-mentioned client-side exploits. Web application vulnerabilities such as SQL injection and Cross-Site Scripting flaws in open-source as well as custom-built applications account for more than 80% of the vulnerabilities being discovered. Despite the enormous number of attacks and despite widespread publicity about these vulnerabilities, most web site owners fail to scan effectively for the common flaws and become unwitting tools used by criminals to infect the visitors and organisations that trusted those sites to provide a safe web experience.
Source: SANS Institute
To read the whole report visit: http://www.sans.org/top-cyber-security-risks/
Loop Technology can assist with mitigating both of these risks by conducting Security Reviews and implementing Intrusion Prevention Systems and/or Web Content Filtering Systems. Contact us today to find out more about how Loop can assist.