
Is Business Software the Cause of Your Cyber Attack?

Since the pandemic, cyber threats, including ransomware and supply chain attacks, have increased in frequency and severity, further complicating the challenges of managing a distributed workforce. Unfortunately, the same systems meant to bring new efficiencies to that workforce are often the culprit behind data breaches. While breaches are sometimes blamed on human error, it is all too common that the technology is at fault.

When classifying a business’ digital risk, it’s important to first identify if there are any exploitable vulnerabilities within the technology the business is using. Then, consider the risks around how the business uses that technology, such as how it’s hosted and what it’s being used for. The answers to these questions will identify potential weaknesses with the goal of putting organizations on the path to greater security.

Assessing your technology

Certain technologies have inherent weaknesses that make them more likely to be exploited. Here are some risks associated with two common business technologies:

Remote Desktop Protocol (RDP) is included with most operating systems, allowing users to access their main desktop computer from other devices. Essentially, the technology lets many employees work from home. RDP has two main vulnerabilities:

  • Weak user sign-in credentials occur because employees often use the same password for their desktop login and their remote login. Since companies often do not monitor this activity, the connection can be exposed to what’s known as credential stuffing attacks.

  • Unrestricted port access happens when RDP connections occur at the same port. Threat actors know about this weakness and can target it for attack.

VMware Horizon is a virtual desktop platform that uses an open-source logging software component called Apache Log4j. Unpatched versions of Apache Log4j are susceptible to a remote code execution vulnerability, which allows a cyberattacker to place malicious code on a computer remotely. Microsoft and the U.K. National Health Service, among others, have reported attacks through this vulnerability.

To track many of the potential vulnerabilities across various technologies, businesses can use tools such as the Exploit Prediction Scoring System (EPSS), which helps organizations estimate the probability of software vulnerabilities being exploited. Having a better understanding of where your business’ defenses are weak is the first step to protecting the business from future, costly attacks and reducing risk.
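As an added illustration (not code from Coalition or from the original article), the sketch below shows one way to use EPSS scores to decide which assets to patch first. It assumes scores arrive in the `cve,epss,percentile` CSV layout of the daily EPSS export; the CVE IDs, scores, asset names, the 0.10 threshold and the independence assumption are all constructed for the example.

```python
import csv
import io
from math import prod

# Constructed sample in the assumed layout of the daily EPSS CSV (comment line,
# then cve,epss,percentile). CVE IDs and scores are placeholders, not real data.
EPSS_CSV = """\
#model_version:example,score_date:2024-01-01T00:00:00+0000
cve,epss,percentile
CVE-0000-0001,0.97000,0.99900
CVE-0000-0002,0.00200,0.45000
CVE-0000-0003,0.12000,0.95000
CVE-0000-0004,0.50000,0.97500
"""

# Constructed inventory: asset name -> CVEs a scanner reported (hypothetical).
INVENTORY = {
    "vdi-gateway": ["CVE-0000-0001", "CVE-0000-0002"],
    "mail-onprem": ["CVE-0000-0003", "CVE-0000-0004"],
    "file-server": ["CVE-0000-0002", "CVE-0000-9999"],  # last CVE has no score
}

def load_epss(text):
    """Parse the CSV into {cve: probability}, skipping '#' metadata lines."""
    rows = (line for line in io.StringIO(text) if not line.startswith("#"))
    return {r["cve"]: float(r["epss"]) for r in csv.DictReader(rows)}

def asset_risk(cves, scores):
    """P(at least one CVE exploited) = 1 - prod(1 - p_i), assuming independence."""
    known = [scores[c] for c in cves if c in scores]
    unscored = [c for c in cves if c not in scores]  # surfaced, never treated as 0
    return 1 - prod(1 - p for p in known), unscored

def triage(inventory, scores, threshold=0.10):
    """Rank assets by combined risk; list CVEs at or above the threshold first."""
    report = []
    for asset, cves in inventory.items():
        risk, unscored = asset_risk(cves, scores)
        urgent = sorted((c for c in cves if scores.get(c, 0) >= threshold),
                        key=lambda c: -scores[c])
        report.append({"asset": asset, "risk": round(risk, 4),
                       "patch_first": urgent, "unscored": unscored})
    return sorted(report, key=lambda r: -r["risk"])

if __name__ == "__main__":
    for row in triage(INVENTORY, load_epss(EPSS_CSV)):
        print(row)
```

CVEs without a score are reported separately rather than counted as zero risk, since a missing score says nothing about exploitability.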

Understanding correlational tech vulnerabilities

Even when a particular technology doesn’t have any inherent weaknesses, the way your business relies upon or uses this technology can make it a source of vulnerability — without your realizing it. Here are three such cases:

  • On-premises email. If your email is hosted on the organization’s own physical servers, it’s easier for a hacker to attack. Most on-premises email servers require the organization to patch vulnerabilities themselves. The potential lack of segmentation is another big concern, since attacks can spread laterally more easily within the system. By contrast, when email is hosted on the cloud, the data is stored on a server in a secure data center — maintained by a dedicated staff who can apply patches quickly — and the email system is more segmented and independent, resulting in reduced risk.

  • End-of-life systems. Software that is no longer supported or updated is another common attack vector. Expired or unsupported software likely doesn’t have updated back-end security, so there’s more of a chance of a critical update being missed, leading to a potential exploit, and when that happens, there is no easy fix.

  • Single software suite. When an organization uses one suite of software to both create and store all their files, that creates a concentrated pool for threat actors to target. The more concentrated a business’ data is, the higher the risk — as an attacker only needs to infiltrate one weak barrier to gain access to more critical company data or files.

Avoiding claims by avoiding risk

It can be overwhelming to think of all the ways your business can be vulnerable, especially in the age of ever-changing and mounting cyberthreats, but there are concrete ways businesses can protect themselves. Assessing the technology the business uses is key to making sure that risks aren't being created through everyday practices.

Want to see how vulnerable your business is to tech risks? Take Coalition’s free Active Risk Assessment.