Security News > 2024 > February > The old, not the new: Basic security issues still biggest threat to enterprises

In nearly 85% of attacks on critical sectors, compromise could have been mitigated with patching, MFA, or least-privilege principals - indicating that what the security industry historically described as "Basic security" may be harder to achieve than portrayed.

Ransomware attacks on enterprises saw a nearly 12% drop last year, as larger organizations opt against paying and decrypting, in favor of rebuilding their infrastructure.

"While 'security fundamentals' doesn't get as many head turns as 'AI-engineered attacks,' it remains that enterprises' biggest security problem boils down to the basic and known - not the novel and unknown" said Charles Henderson, Global Managing Partner, IBM Consulting, and Head of IBM X-Force.

According to X-Force, major incidents caused by attackers using valid accounts were associated to nearly 200% more complex response measures by security teams than the average incident - with defenders needing to distinguish between legitimate and malicious user activity on the network.

Enterprises should also recognize that their existing underlying infrastructure is a gateway to their AI models that doesn't require novel tactics from attackers to target - highlighting the need for a holistic approach to security in the age of generative AI. Where did all the phish go?

X-Force Red penetration testing engagements indicate that security misconfigurations accounted for 30% of total exposures identified, observing more than 140 ways that attackers can exploit misconfigurations.

News URL

https://www.helpnetsecurity.com/2024/02/23/2024-x-force-threat-intelligence-index/