A NEW report by security experts has revealed that targeted email attacks that exploit vulnerabilities in commonly used client-side applications are now the number-one means of infecting computers.
The Top Cyber Security Risks report was produced by the SANS Institute and security software vendors Qualys and TippingPoint.
The study also indicated that 'spear phishing' enables attackers to infect common but often unpatched programs such as Microsoft Office, Adobe's PDF Reader, QuickTime and Adobe Flash.
According to the report, the infected PCs then propagate the infection and compromise other unpatched computers and servers on corporate networks.
This then enables malicious individuals to steal data and install back doors through which they can subsequently return.
Despite these high risks, the report said that large organisations take on average twice as long to patch vulnerabilities in client-side packages as they do those found in operating systems.
The report added that most enterprises are focusing too much of their attention on relatively low-risk areas rather than on those of the highest priority.
To combat this, the report has also laid out Twenty Critical Controls for Effective Cyber Defense (PDF) based on best practice advice from security researchers.