SecureState, a management consulting company specializing in Information Security, announced the release of their annual Attack Vectors Report. The purpose of the report is to identify the Top 5 Attack Vectors being leveraged by attackers breaking into organizations, which includes a variety of industries and mitigation techniques.
The Attack and Defense team at SecureState conducts hundreds of Penetration Tests each year, within a wide range of environments. During the analysis of this data, the team discovered that organizations across the all environments faced similar threats and often the same defensive approach.
“After preforming hundreds of Penetration Tests each year, it became evident that many organizations had the same common gaps within their security programs,” said Tom Eston, Attack & Defense Team Manager.
After analyzing the extensive amount of data collected, the 2014 Attack Vectors Report revealed the following Top 5 Attack Vectors being leveraged in order to gain access to organizations:
- Weak Passwords
- Web Management Consoles
- Missing Patches and System Misconfigurations
- Application Vulnerabilities
- Social Engineering
The 2014 Attack Vectors Report, which can be found on the SecureState website, goes into greater detail on each method of compromise. This same report also advises organizations on the defense and mitigations to such attacks. The 2014 Attack Vectors Report Webinar is also available for download.
“The current mindset security professionals and organizations have regarding the defense against these attacks needs to change. We face the same attacks. However, the same defensive measures are still failing us. We need to focus our efforts on more proactive countermeasures rather than the current reactive methodology, and this report demonstrates this need for change,” said Robert Miller, Attack & Defense Team Lead at SecureState. “I encourage all organizations to examine this report, the Top 5 Attack Vectors, and adjust their defensive controls to begin a more proactive approach against these threats.”
Since 2001, SecureState has been providing organizations with consulting services focused on Information Security, privacy, and compliance. The expert teams at SecureState solve complex business problems and develop solutions in the areas of Advisory Services, Audit & Compliance, Attack & Defense, Privacy, and Incident Response.