Penetration testing study shows that 93 percent of company networks can be infiltrated
- Published: Wednesday, 22 December 2021 10:20
Positive Technologies has issued a new research report analyzing results of the company’s penetration testing projects caried out in the second half of 2020 and first half of 2021. In 93 percent of cases, an external attacker can breach the organization’s network perimeter and gain access to local network resources.
An attacker's path from external networks to target systems begins with breaching the network perimeter. According to this research, on average, it takes two days to penetrate a company's internal network. Credential compromise is the main way criminals can penetrate a corporate network (71 percent of companies), primarily because of simple passwords used, including for accounts used for system administration.
An attacker who has the credentials with domain administrator privileges can obtain many other credentials for lateral movement across the corporate network and access to key computers and servers.
Administration, virtualization, protection, or monitoring tools often help an intruder gain access to isolated network segments. According to the study, most organizations have no segmentation of the network by business processes, and this allows attackers to develop several attack vectors simultaneously, and trigger several of a company’s unacceptable events.