Password Cracking Tops IT’s Security Concerns
By Karen A. Frenkel
Of the tested types of threats, the one experienced during the last three months by the most respondents (25%) is password cracking.
24.7% of respondents have experienced password cracking during the last six months or less, 22% experienced DDoS attacks, 21% experienced man-in-the-browser, 19.7% suffered DNS poisoning, and 18% experienced demand-in-the-middle attacks.
According to respondents, all the investigated types of attacks are equally hard to detect and mitigate. Nevertheless, Advanced Persistent Threats (APTs) have an edge: One-fifth of mid-size companies mentioned them.
Asked to rank attacks by difficulty of detection and mitigation, respondents answered as follows: APT: 19.7%, Ransomware: 13.7%, Spear Phishing: 13.7%, Rootkits: 13.3%, BYOD: 11.3%
One-third of companies use firewalls followed by anti-virus/malware. They also favor protection that limits the impact while security solutions are used.
The top five reasons companies use firewalls are: Anti-virus and malware: 70.3%, Firewall: 67.7%, Data Protection: 51.3%, Intern Filtering: 36%, Device or Port Control: 26.7%
The top five types of attacks companies fight with the help of custom software are: Advanced Persistent Threat: 55.7%, Spear Fishing: 52.3%, DNS poisoning: 51.7%, Zero-Day vulnerability: 51%, Ransomware: 47.7%
Time spent, either with the help desk or in-house IT support, and employee productivity are the areas most highly impacted by attacks.