(Scary stats) Rapid7’s pen testers were able to abuse at least one network misconfiguration in 80% of engagements and one in-production vulnerability in 84% of all engagements. In 53% of all engagements, the testers were able to capture at least one credential
Organizations are more interested in securing their own sensitive data – such as internal communications and financial metrics – than that of their customer and employees. (Anyone surprised?)
The report also revealed the top five security priorities of the participating organizations. When it comes to protecting sensitive information, 21% prioritize sensitive internal data, 20% focus on personally identifiable information (PII). Only 14% of organizations ranked protecting authentication credentials as a top-five priority, 7.8% prioritize payment card data and only 6.5% ranked bank account data.
https://www.infosecurity-magazine.com/news/pen-testers-abuse-configuration
No comments:
Post a Comment