Only 4% of SMBs Have a Solid IT Infrastructure Protection

Softline has taken stock of the first month of Infrastructure Basic Security Analysis service implementation. The study revealed that information systems for 96% of small and medium-sized businesses are vulnerable to attacks from outside.

Within a month, the Infosecurity specialists (a member of Softline Group) assessed the protection level of 47 Russian SMB organizations (SMB stands for small & medium-sized business) using the company's own Infrastructure Basic Security Analysis service, and the study discovered lots of serious vulnerabilities in 45 companies.

The most recurrent problem was the lack of security updates. These incidents were identified in absolutely all organizations audited, and in some cases vulnerable versions of software were used at facilities critical for the company's operation.

The second most frequent problem went to weak or default passwords. The use of weak passwords both on workstations and network equipment were recorded in 70 per cent of companies.

The critical vulnerabilities were discovered in more than half of the companies-users of the Infrastructure Basic Security Analysis service, the detected vulnerabilities could remotely execute arbitrary code, leaving the organizations completely defenseless against external attackers. In addition, the Infosecurity specialists discovered traces of previous hacks (web shells, database dumps and illegitimate accounts) in 11 cases. All this shows that cybercriminals are actively interested in any weakly protected companies, trying to derive material benefit, so it is extremely important for small and medium-sized businesses to pay increased attention to information security issues.

Under these circumstances, the Softline Group proposes to test the resistance of your company's information infrastructure to DDoS attacks and, if necessary, to provide protection for small and medium-sized entreprises.

For questions or more information on service, please email: pentest@in4security.com or antiDDOS@in4security.com.

14
September 2020

Поделиться: