Information security software vendor Positive Technologies has reported that more than half of corporate information systems are so weakly protected that even an inexperienced hacker can break into them.
According to the study, 47% of the corporate IT systems tested have critical vulnerabilities, mostly caused by configuration flaws (found in 40% of the systems examined), errors in web application code (27%) and missing security updates (20% of systems). In systems where such vulnerabilities were detected, the average age of the oldest missing update is nine years.
In approximately 55% of the systems studied, protection is weak enough that an external attacker can gain complete control over the corporate infrastructure; an internal attacker can do so in all systems (100%). In 2015, these figures were only 28% and 82% respectively.
The most common weaknesses in corporate networks are deficiencies in the protection of network-layer and data-link-layer protocols, which lead to traffic redirection and interception of network configuration information (found in 100% of systems).
"Attack vectors against corporate infrastructures continue to be based on the exploitation of common vulnerabilities and shortcomings," says Evgeny Gnedin, head of the information security analytics department at Positive Technologies. "To eliminate such threats, as a rule, it is sufficient to apply the basic principles of information security.
In particular, introduce a strict password policy and minimize the privileges of users and services, do not store sensitive information in public, limit the number of network service interfaces available for connection on the network perimeter, regularly update the software and install security updates."
The research report also notes the low level of wireless network security: the problem is relevant for 75% of companies. In every second system, the organization's local area network can be accessed from the wireless network.
User awareness of information security issues in 2016 was extremely low in half of the systems, whereas a year earlier this was the case in only 25% of systems.