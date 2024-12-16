Seite 2 ► Seite 1 von 3

London (ots) - - 'Cyber Security Report 2024/2025' by Horizon3.ai for the UnitedKingdom- "Thinking that software can be made completely invulnerable or thatconventional cyber security defences are sufficient is a common misjudgement,"warns cyber security expert Keith Poyser. "Most organisations today use dozens,if not hundreds, of software applications and solutions, creating an expansiveattack surface. A vulnerability remains harmless only until a hacker uncovershow to exploit it. Real world exploitable vulnerabilities are chained togetherto form effective attack paths, with clear business impact. This very real riskpresents numerous potential threats, underscoring the importance for companiesto strengthen their defences before an attack occurs, across all attacksurfaces...and that means testing from an attacker's perspective."Hackers employ a wide range of tactics, techniques, and procedures to exploitvulnerabilities in software. At the same time, they use targeted phishingattacks, third-party data breaches, and open-source information (OSINT) to gainaccess to a user's credentials, which can provide the much needed gateway tovaluable systems and data. This is a key takeaway from the "Cyber SecurityReport UK 2024/25" by Horizon3.ai, which surveyed 150 organisations across theUnited Kingdom. The findings reveal that almost half of these organisations(48%) regard stolen user and admin credentials as one of the most significantcyber security threats they face. Additionally, an overwhelming 42% ofrespondents (who could select multiple threats) identify insufficiently secureddata and/or unknown data stores as a significant potential risk to theirorganisations.Another key finding reveals that more than a quarter (29%) of companies considerattacks via unpatched but known security vulnerabilities in corporate networksto be a major threat. These are software vulnerabilities that are already known,with a patch available from the vendor, but have yet to be patched by thecompanies using the software. An additional 27% are concerned about incorrectlyconfigured software and/or hardware devices as a source of potential risk totheir organisations. "These issues are a prime opportunity for cybercriminals.At the end of the day, a considerable proportion of the successful cyberattacksare the result of human error," Keith Poyser, Vice President for EMEA at cybersecurity company Horizon3.ai, explains.Penetration Testing as a Solution to Cyber Threats