Hackers exploit vulnerabilities while organisations are focusing on high-profile threats such as Heartbleed, Cisco Systems has warned.
A security report by the multinational technology firm found weak links in organisations are contributing to the increasingly dynamic threat landscape.
The weak links, which include outdated software, bad code and user errors, can offer opportunities to hackers to exploit them. The report said just 8.3 per cent websites are protected from hackers and the remaining websites failed to match security standards.
Infected ad networks
The report also reveals that media and publishing sites were the most exposed to malware in the first-half of this year, mainly through infected advertising networks.
Cisco said hackers launching exploits and other scams around high-profile events, such as the 2014 Winter Olympic Games and the Academy Awards and big news stories, such as the Malaysia Airlines Flight 370 disappearance and the South Korean ferry disaster, are likely reasons for the increase in encounters for the media and publishing industry.
The pharmaceutical and chemical sector is also in the top three for web malware encounters, along with the aviation.
Java remains the most popular software to be exploited, with 93 per cent of all web attacks beginning with the programming language. Java 1.6 and 1.7 are the top choices for hackers, but Java 1.8 is also seeing an increase in attacks.
The report warns that focussing on high-profile vulnerabilities, rather than high-impact, common, and stealthy threats, puts organisations at greater risk. “By proliferating attacks against low-profile legacy applications and infrastructure with known weaknesses, malicious actors are able to escape detection as security teams focus instead on boldface vulnerabilities, such as Heartbleed.”
Cyber risks
Cisco Ireland general manager
Mike Conroy
said executive leadership needs to embrace and manage the associated cyber risks if companies are to succeed in a rapidly changing environment.
He said analysing and understanding weaknesses within the security chain rested largely upon the ability of individual organisations, and that organisations must operate security solutions everywhere a threat could manifest itself.