Top 5 Ways People Leave Themselves Open to Compromise From Hackers, including assuming OS patching is good enough, failing to enforce configuration, not enforcing password policies, not educating users and insecurely storing data.
1. Assuming OS patching is good enough
– Applications and operating systems need to be updated regularly to avoid being attacked (e.g. Java)
– Poor application configuration creates vulnerabilities in the system.
– Phishing – One in 377.4 emails identified as phishing (an increase of 0.225 percentage points since November)
2. Failing to enforce configuration
– Having open permission on servers and poor access control
– Failing to audit admin access to detect anomalous behaviors
– Using obvious computer names making it easy to identify critical internal systems
– Not enforcing best practice configuration settings so systems can be easily attacked.
– Malware – One in 277.8 emails contained malware (a decrease of 0.03 percentage points since November)
3. Not enforcing password policies
– Poorly enforced password policies leave easily guessable passwords
– Using default passwords – particularly on network and manufacturer equipment
– Spam – 70.6 percent (an increase of 1.8 percentage points since November)
4. Not educating users
– Users failing to understand risky and insecure behaviour
– Failing to educate users on social media and online behaviour
– 61% of malicious web sites are genuine sites that have been compromised
5. Insecurely storing data
– Storing sensitive data on open shares
– Allowing unsecured access to data
– Failing to detect sensitive data leaving the organisation
– Symantec stats show decreasing levels of malware in emails and an increase in web attacks. In January 2013, 2,256 malicious websites were blocked, an increase of 196.1 percent, reflecting a change in malware distribution.