News

IS Research: Small Business Does Not Update Critical Software

Alert Logic has published a report on cyber risks in the field of small and medium-sized businesses. According to analysts, the key problem of small organizations is weak encryption and the use of outdated versions of software – users do not update the software.

The study is based on the study of 8.2 million information security incidents that occurred in more than 4 thousand Alert Logic customers.

At the same time, the risks associated with the security of computer infrastructure can be significantly reduced by protecting only three ports, which account for two-thirds of all cyberattacks.

Read also: US authorities impose sanctions on North Korean hack groups Lazarus, Bluenoroff and Andarial

According to experts, 42% of the incidents identified were due to incorrect settings related to encryption. According to researchers, the use of cloud services such as AWS requires special attention to protecting traffic, but 33% of verified accounts use unreliable cryptographic methods or do not encode information at all. In addition, 14% of small organizations have problems setting up S3 baskets.

“Analysis of server and workstation configuration errors showed that two-thirds of them are associated with the use of weak encryption algorithms. MD5 is no longer considered a sufficiently secure cryptography method, and SHA-0 and SHA-1 are easily cracked using modern computing power”, – experts noted.

For reliable data protection, experts recommend the use of SHA-256 and AES.

According to the report, 66% of checked Windows systems use outdated OS versions or those that will be removed from support in January 2020. The situation with Linux-based servers is no less alarming: about 50% of them work on assemblies with the old kernel, for which security updates are not issued. In addition, manufacturers no longer support more than 30% of the mail servers of small organizations.

“SMB companies using current versions of system software often neglect to install important patches. Of the 20 vulnerabilities most often encountered on servers and workstations in small businesses, 75% were fixed by the manufacturer a year or more ago”, – noted the researchers.

As information security experts found out, 65% of attacks on computer systems of small organizations are conducted through TCP ports 22 (SSH), 443 (HTTPS) and 80 (HTTP). By protecting them with a firewall and regularly checking the incoming request log, you can avoid most of the attacks that threaten small and medium-sized enterprises.

In addition, researchers recommend paying attention to the RDP port used by the BlueKeep exploit, as well as the FTP ports that IP cameras, printers, and other IoT devices often work with.
User Review
0 (0 votes)
Comments Rating 0 (0 reviews)
Daniel Zimmermann

Daniel Zimmermann has been writing on security and malware subjects for many years and has been working in the security industry for over 10 years. Daniel was educated at the Saarland University in Saarbrücken, Germany and currently lives in New York.

Recent Posts

Remove News-bhexusa.xyz pop-up ads (Virus Removal Guide)

News-bhexusa.xyz is a domain that tries to trick you into clik to its browser notifications…

22 hours ago

Remove News-bhupotu.xyz pop-up ads (Virus Removal Guide)

News-bhupotu.xyz is a domain that tries to trick you into subscribing to its browser notifications…

22 hours ago

Remove News-bhocime.info pop-up ads (Virus Removal Guide)

News-bhocime.info is a site that tries to trick you into subscribing to its browser notifications…

23 hours ago

Remove You-hub.online pop-up ads (Virus Removal Guide)

You-hub.online is a site that tries to force you into clik to its browser notifications…

23 hours ago

Remove News-bhecudu.live pop-up ads (Virus Removal Guide)

News-bhecudu.live is a domain that tries to force you into clik to its browser notifications…

23 hours ago

Remove News-bhiciwe.today pop-up ads (Virus Removal Guide)

News-bhiciwe.today is a site that tries to force you into clik to its browser notifications…

23 hours ago