Kaspersky Lab and Outpost24 have teamed up for a vulnerability study

Sep 25, 2013 13:58 GMT

A study conducted by Kaspersky Lab and Outpost24 has revealed that even an unsophisticated cyberattack that doesn’t rely on any zero-day exploits can be successful. That’s because most companies take a long time to patch old vulnerabilities.

Experts have found that it takes a company, on average, 60-70 days to fix a security hole. This gives cybercriminals more than enough time to breach an organization’s networks.

During their research, Kaspersky and Outpost24 identified systems that had been vulnerable for the past three years.

In addition to the vulnerability audit, Kaspersky’s David Jacoby conducted an interesting social engineering experiment. He dressed up in a smart suit and approached 11 organizations to see which of them would agree to plug a USB stick into their computers.

Jacoby asked front desk staff to help him print out a PDF of his resume, which he needed for an appointment at a completely unrelated venue.

The expert targeted three hotels, six government organizations, and two large private companies. Of these, only one of the hotels and four of the government agencies agreed to plug the USB drive into their own computers. In the case of the government agencies, two of them had USB ports disabled, but they asked the expert to email the document instead.

“What is really surprising is that the hotels and privately owned companies had greater awareness and security than the government organizations. From this firsthand experience it is fair to conclude that there is a real problem,” Jacoby said.

“The security audit we performed is relevant for any country because that gap between the moment a vulnerability is detected and the moment it’s patched exists everywhere, in every country,” he added.

“The result of my USB stick experiment is also a wake-up call for those searching for tailored security solutions that cover the ‘threats of tomorrow’ – it highlighted that training your staff to be prudent is just as important!”

The complete study is available on Kaspersky's website.