“Safer internet day is perhaps more important than ever this year. In the last twelve months, the way we work or access education has changed beyond recognition. Organisations have opened up networks to accommodate a remote workforce. Students are using apps and services, typically the realm of the corporate world, to participate in virtual classes. Many of these cloud-based tools and services are accessed using personal devices that are unsecured or beyond the remit of the IT or security team. This expanded attack service presents an attractive target for attackers who frequently use personal devices to not only steal data on the device itself, but also look to move laterally across networks and cause further harm.
Research by Tenable’s Security Response Team, examining details from 730 publicly disclosed data breaches in 2020, found that threat actors rely on unpatched vulnerabilities in their attacks. These ‘broken windows’ are primarily used to gain initial access into a target network. From there, attackers leverage serious vulnerabilities, like Zerologon, to elevate privileges, granting themselves the ability to gain access to domain controllers within the network.
Most of these attacks are avoidable with basic safety steps. Good security awareness and basic cyber hygiene prevents mistakes that can cause serious harm. In tandem, it is critical that users take responsibility for updating and securing their devices to close these broken windows.
With technology now an integral part of modern life we all have a part to play in securing the devices we use.” — Adam Palmer, Chief Cybersecurity Strategist, Tenable
