Patchable and Preventable Security Issues Lead Causes of Q1 Attacks

image
Eighty-two percent of attacks on organizations in Q1 2022 were caused by the external exposure of a known vulnerabilities in the victim’s external-facing perimeter or attack surface. Those unpatched bugs overshadowed breach-related financial losses tied to human error, which accounted for 18 percent. The numbers come from Tetra Defense and its quarterly report that sheds light on a notable uptick in cyberattacks against United States organizations between January and March 2022. The report did not let employee security hygiene, or a lack thereof, off the hook. Tetra revealed that a lack of multi-factor authentication (MFA) mechanisms adopted by firms and compromised credential are still major factors in attacks against organizations. External Exposures: A Major Path of Compromise The study looks at the Root Point of Compromise (RPOC) in attacks. The RPOC is the initial entry point through which a threat actor infiltrates a victim organization and is categorized as the external exposure to a known vulnerability, or a malicious action performed by the user or a system misconfiguration. “Incidents caused by unpatched systems cost organizations 54 percent more than those caused by employee error,” according to the report. Researcher draw a line of distinction between “External Vulnerabilities” and “Risky External Exposures”. External Vulnerabilities, defined by Tetra Defense, refers incidents where an attacker leverages the publicly available exploit to attack the victim’s…

Source