96% of Organizations Vulnerable to Cyberattacks, Reveals Positive Technologies’ Penetration Tests
Positive Technologies has disclosed alarming results from its 2023 penetration tests, showing that a staggering 96% of organizations are vulnerable to cyberattacks. According to the research, only 4% of organizations successfully protected against attackers breaching their internal networks. In every company where an internal penetration test was conducted, attackers could have seized full control of the IT infrastructure, with the quickest breach occurring within just one day.
Penetration Testing Insights
The penetration tests, conducted by PT SWARM, spanned various sectors including IT, finance, industry, services, and telecommunications. The primary goal was to determine the vulnerability of organizations to both external and internal cyberattacks, assessing whether such attacks could trigger non-tolerable business events.
Key Findings:
– Low-Skilled Attacker Vulnerability: In 63% of organizations, even a low-skilled attacker could penetrate the local network from the outside. Similarly, a low-skilled internal attacker could gain full control over the IT infrastructure in the same proportion of organizations.
– Unprotected Internal Networks: In 96% of the projects, organizations were found vulnerable to internal network penetration attempts. Only one company successfully resisted the penetration test, thanks to prior pentesting and effective vulnerability remediation.
– Speed of Network Penetration: The fastest penetration of an organization’s LAN occurred on the first day of testing, with an average access time of 10 days for specialists.
– Full Control Over Infrastructure: In every company where an internal test was conducted, attackers could have gained full control over the infrastructure. In one instance, maximum privileges in the Active Directory domain were obtained in just 6.5 hours.
– Unauthorized Access to Sensitive Information: Specialists managed to obtain employee credentials and gain unauthorized access to confidential information, including intellectual property and internal communications, in nearly every company.
Grigory Prokhorov, Positive Technologies Research Analyst, stated: “In every organization where PT SWARM conducted internal penetration tests, maximum privileges in the domain were gained. In 90% of cases, the possibility of triggering non-tolerable events was verified; for this, the specialists did not always require full control over the IT infrastructure.”
Recommendations for Cyber Resilience
To achieve robust cyber resilience, Positive Technologies recommends that organizations continuously assess and monitor the security of their critical assets. This involves not only conducting penetration tests but also keeping the IT infrastructure perpetually ready to fend off cyberattacks. Experts suggest using automation solutions like MaxPatrol Carbon, which analyzes potential cyberattack scenarios, ranks them by severity, and provides practical recommendations for threat neutralization. For real-world network security challenges, tools such as PT NGFW, PT Sandbox, and PT NAD are recommended to block known threats, protect systems against malware, and detect attacker movements.
Positive Technologies’ findings underscore the critical need for heightened cybersecurity measures across all sectors to mitigate the increasing threat of cyberattacks.
