For many years, RSM has made a continuous effort to assist organizations in addressing cybersecurity challenges, provide tools to achieve a desired state of security, and deliver guidance for attack prevention. We perform security penetration testing to simulate attacks on internal networks and closely mimic security breaches within controlled environments. By conducting these assessments, we seek to determine the level of compromise that an attacker may achieve, while investigating the data accessible to malicious intruders.
Based on an analysis of our internal penetration tests from the past year, we have created the 2021 Attack Vectors Report, which examines 60 successfully compromised client reports. For each client, we tracked the attack vectors that allowed us to access target systems or sensitive information. These vectors have been compiled into walkthroughs and timelines, which we hope can be of use to readers interested in the “behind-the-scenes” of penetration testing.
Each vector is accompanied by an explanatory vulnerability linkage diagram, which illustrates the basic steps required for a successful attack. In addition, we have included 20 supplementary diagrams from existing reports in 2020-2021 for the reader’s reference.
The consequences of cyber-attacks typically range from unpleasant to severe—security incidents place considerable strain on organizational resources, invite lawsuits, incite reputational damage and interrupt business operations. Furthermore, mass data breaches can strip an organization of its property without enough evidence to guarantee a successful investigation. As such, from food delivery services to hospitals and education centers, any unprepared organization that handles social security numbers, card data, health information or even personal addresses is at risk of experiencing a significant loss.
If you have any questions regarding this report, please contact RSM US LLP. For additional information about our penetration testing services or reporting processes, please visit https://rsmus.com/what-we-do/services/risk-advisory/cybersecurity-data-privacy/security-testing/network-penetration-testing.html.
Primary Authors: Daria Ryabogin and Jonathan Slusar