Monday Morning Impact – January 24

Study: Most Company Networks Vulnerable to Cybercriminals

Positive Technologies has issued a new research report analyzing results of the company’s penetration testing projects caried out in the second half of 2020 and first half of 2021. In 93% of cases, an external attacker can breach an organization’s network perimeter and gain access to local network resources, and it takes an average of two days to penetrate a company’s internal network. In 100% of companies analyzed, an insider can gain full control over the infrastructure.

The study was conducted among financial organizations (29%), fuel and energy organizations (18%), government (16%), industrial (16%), IT companies (13%), and other sectors.

“In 20% of our pen-testing projects, clients asked us to check what unacceptable events might be feasible as a result of a cyberattack,” said Ekaterina Kilyusheva, Head of Research and Analytics at Positive Technologies. “These organizations identified an average of six unacceptable events each, and our pen-testers set out to trigger those. According to our customers, events related to the disruption of technological processes and the provision of services, as well as the theft of funds and important information pose the greatest danger. In total, Positive Technologies pen testers confirmed the feasibility of 71% of these unacceptable events. Our researchers also found that a criminal would need no more than a month to conduct an attack which would lead to the triggering of an unacceptable event. And attacks on some systems can be developed in a matter of days.”

An attacker’s path from external networks to target systems begins with breaching the network perimeter. According to the research, it takes an average of two days to penetrate a company’s internal network. Credential compromise is the main way criminals can penetrate a corporate network (71% of companies), primarily because of simple passwords used, including for accounts used for system administration. An attacker who has the credentials with domain administrator privileges can obtain many other credentials for lateral movement across the corporate network and access to key computers and servers.

According to the study, most organizations have no segmentation of the network by business processes, and this allows attackers to develop several attack vectors simultaneously, and trigger several of a company’s unacceptable events.

The scope of the study included 45 projects for which clients consented to use of results and publication of depersonalized data. The projects were carried out in the second half of 2020 and the first half of 2021.

Channel Impact^®
In bolstering the IT security of clients, partners are urged to begin with an evaluation of the main points of risk, and then determine the proper combination of protection measures, which might include separation of business processes, configuration of security control, enhanced monitoring, and lengthening of the attack chain.

X Security Launches New Ransomware Preparedness Assessment for SMBs

X Security has announced a new service for channel partners seeking to help SMBs address the rise in ransomware attacks. The Dover, Delaware-based company will partner with MSPs and MSSPs to offer their white-labeled Ransomware Preparedness Assessment, providing penetration testing and social engineering assessments.

The assessment includes multiple phases such as Proactive Ransomware Simulation, an internal network pen-test, an external network pen-test, a risk assessment on social engineering, a review of the ransomware response plan, and a critical controls review.

The first objective is to evaluate is the current state of a company’s security posture, using a variety of tools. The second key objective is to evaluate their processes for responding to a ransomware attack. The final objective is to evaluate security controls that may help reduce the impact or success of future ransomware attacks. This part of the assessment is also tied to the same security controls that insurance companies are looking at to determine cyber insurance placement and premiums.

Channel Impact^®
Insurance companies faced significant losses due to ransomware attacks and are therefore increased the scrutiny on security controls prior to placing coverage. Companies are often denied coverage if certain security controls are not in place. The process outlined in the assessment reviews all security controls that insurers are seeking and highlights any gaps that could result in increased premiums or denied coverage.

Netacea Launches North American Partner Program

Netacea, a UK-based company which specializes in bot detection and mitigation, has rolled out a new North American partner program, as well as the appointment of a U.S.-based leadership team to further support its global footprint. The company also revealed it has entered into a new partnership agreement with Upstack, a New York-based company with a platform designed to streamline IT procurement through assistance with solution selection. Upstack’s service portfolio focuses on colocation and data center, network connectivity, SD-WAN, unified communications, cloud contact center, private and public cloud, security, mobile, business continuity and IoT.

The decision to expand Netacea’s presence in North America is due in part to the growing awareness by businesses about the impact of bots. According to the recent Netacea report, “The Bot Management Review: What are bots costing your business?”, automated bots operated by malicious actors cost businesses an average of 3.6% of their annual revenue. For the 25% worst affected businesses, this equates to at least a quarter of a billion dollars ($250 million) every year.

“In my two decades of building channel programs, I’ve never seen such a significant opportunity for partners, whether they are advisory agencies, managed service providers or managed security service providers, value-added resellers, or independent consultants,” said Kirk Horton, Netacea’s VP of Channels. “Partners who are able to understand the financial cost of bot attacks, articulate risks to customers, and then provide a proven solution to combat those threats have a massive opportunity to grow revenue as well as bolster their reputations as strategic security advisors.”

Channel Impact^®
Bots are a pervasive and rapidly growing problem affecting almost all industries, and they contribute to billions of dollars in losses every year. Bot management is widely viewed as an essential part of any security strategy.