2019 Security Report

Key Observations

• In 2018, we observed many successful attacks based on historic vulnerabilities. Legacy attacks dating back to as far as 2009 remained effective. Hackers successfully compromised systems when the systems were unpatched, or because no patch was available for a legacy system. Widespread availability of exploit software that targets well-known vulnerabilities also contributed to the phenomenon. Bad security hygiene, in the form of default login and password credentials, also contributed to the problem.
• Public cloud architectures created a second vector for new security attacks. Both home-grown and commercial software packages exhibited vulnerabilities. We categorize these into two basic groups: code vulnerabilities and configuration vulnerabilities. Misconfigured security and access policies were a major source of data breach in 2018.
• Beneath the threats observed lies an unavoidable truth: Network and application complexity pose serious security threats. Complexity continues to grow within enterprise and service provider IT environments. This growing complexity is creating new security vulnerabilities every day. Thwarting security attacks starts with a continuous commitment to security best practices. Tools augment your ability to mitigate threats, but only security best practices can prevent them.