A study by SecureWorks reveals that the majority of successful attacks against companies are by phishing, exploiting known vulnerabilities and using websites to launch threats.

 

The study carried out by SecureWorks for six months, it has been concluded that 82% of cyber attacks are produced by cybercriminals, 11% due to internal failures of organizations and 7% at the hands of adversaries (nation-state). Attacks by cybercriminals with financial motivation include theft of funds, copies of financial information or personal data and the rescue of the data.

Although the advanced attacks and the vulnerabilities of zero day attract a lot of attention , phishing, exploiting known vulnerabilities and using websites to launch attacks are the most common methods to compromise to companies. In the vast majority of cases, 88%, the attacks are opportunistic and do not follow any objective.

Normally, malware enters a corporate network through the violation of a weakened public system , compromised credentials of employees, emails, downloads from a website or through third parties. < / p>

The phishing accounts for 38% of attacks , while explorations of vulnerable systems account for 22%. The use of a website to host farms involves 21% of the incidents.

SecureWorks highlights the need for a balanced strategy between prevention, detection and incident response . The most important preventive strategies include better and more consistent patches, user account privilege management and the incorporation of web application firewalls or content filters.