The biggest security threat to a business is also its biggest asset

Password

Never mind software vulnerabilities, your company network is far more likely to be breached due to a slipup made by a staff member, a new report has reminded us.

This particular piece of research has been published by security outfit Praetorian, and it encompassed some 100 penetration tests and 450 real-life attacks, finding that the most prevalent attack vector was that of exploiting either weak or phished employee passwords.

Indeed, Praetorian observed that weak domain user passwords were a root cause of compromise in 66% of breaches, coming first in the list of top five attack vectors.

The following four were: Broadcast name resolution poisoning (64%); Local administrator attacks (61%); Cleartext passwords stored in memory (59%); Insufficient network access controls (52%).

Praetorian noted that the top four of these attack methods are based on leveraging phished or otherwise stolen user credentials – and also that most attacks don't have a single root cause, in fact 97% of them have two or more.

Path of least resistance

The simple truth is that rather than hunting for exploits and vulnerabilities they can use to crack open a network, attackers are much more likely to rely on some form of social engineering, because this is quite simply an easier and less risky route to take.

Of course, looking down the line, the traditional password is slowly being replaced by biometrics – as we saw recently, we'd all rather use our bodies than passwords.

Although there are, of course, limits to biometric security in certain respects. Earlier this week we reported on how facial recognition can be easily fooled using poor quality photos of victims found on the web, although that's just basic camera-based facial recognition (for example, adding infrared to detect a 'live' face obviously makes a big difference).

At any rate, it remains clear that traditional passwords are a seriously vulnerable aspect when it comes to network defences.

Via: Naked Security

Darren is a freelancer writing news and features for TechRadar (and occasionally T3) across a broad range of computing topics including CPUs, GPUs, various other hardware, VPNs, antivirus and more. He has written about tech for the best part of three decades, and writes books in his spare time (his debut novel - 'I Know What You Did Last Supper' - was published by Hachette UK in 2013).