According to the third edition of the Hacker's Playbook Findings Report, published By SafeBreach in December 2017, of the 3,400 security breach methods tested, the malware infiltration success rate reported was in excess of 60%. More significantly, once an enterprise is breached, hackers can navigate laterally through the network at an astounding rate more than 70% of the time.
In other words, whatever your enterprise has done to protect its network from unauthorized access up to this point is almost guaranteed to be ineffective more than half the time. But while that is an uncomfortable fact to ponder, it doesn't mean enterprises have no options to counteract that disturbing 60% hacker success rate.
SEE: 17 tips for protecting Windows computers and Macs from ransomware (free TechRepublic PDF)
Simple, inexpensive, and effective
Enterprises' security protocols and protection systems, according to SafeBreach, can often be made more effective just by fine tuning their focus. Just as it is with any technology deployment, it is vital to a system's overall success that default configurations be modified and adjusted to fit the unique profile of the enterprise.
An enterprise can deploy the best security system available, one with all the latest and greatest features, but if it does not make configuration adjustments based on the network topology, operating system implementation, workstation functions, and a multitude of other characteristics, it is setting itself up for a potential security breach.
This is why it is so important that enterprises take the time to analyze their overall information technology network down to categorizing workstation systems and user roles. When it comes to malware, security begins at the user level—that is where the system is most vulnerable. A strong comprehensive policy designed to secure every workstation is an essential, cost-effective way to establish stronger security and reduce that 60% hacker success rate.
TechRepublic's premium sister site, Tech Pro Research, offers a Securing Windows Policy specifically designed to secure workstations running the Microsoft Windows operating system at the user level. Many of the policy's principles can be applied to any operating system and will help your overall enterprise security profile.
- Researchers can now hack a PC with malware stored on synthetic DNA (TechRepublic)
- IoT security: Keeping users on their toes means staying on yours (Tech Pro Research)
- Fileless malware: The smart person's guide (TechRepublic)
- A giant botnet behind one million malware attacks a month just got shut down (ZDNet)
What steps have you taken to harden your security at the user level? Share your advice and strategies with fellow TechRepublic members.
Mark W. Kaelin has been writing and editing stories about the IT industry, gadgets, finance, accounting, and tech-life for more than 25 years. Most recently, he has been a regular contributor to BreakingModern.com, aNewDomain.net, and TechRepublic.