For many years, RSM has made a continuous effort to assist organizations in addressing cybersecurity challenges, provide tools to achieve a desired state of security, and deliver guidance for attack prevention. We perform security penetration testing to simulate attacks on internal networks and closely mimic security breaches within controlled environments. By conducting these assessments, we seek to determine the level of compromise that an attacker may achieve, while investigating the data accessible to malicious intruders.
Based on an analysis of external and internal penetration tests from 2019-2021, we have created the 2022 Attack Vectors Report. For the first time, our Attack Vectors report also features analysis of penetration tests through the lens of maturity assessments.
In other words, how does the cybersecurity maturity of an organization affect our ability to compromise their network?
We collated data from 257 external penetration tests and 183 internal penetration tests, all from organizations for whom we also performed maturity assessments. We then broke down the most common attack vectors that we used to compromise real networks, from LLMNR/NBT-NS spoofing to Kerberoasting.
Each attack vector also shows the business risks and impact of successful attacks, as well as steps to remediate the vulnerabilities that allow for those attacks.
If you have any questions regarding this report, please contact RSM US LLP. For additional information about our penetration testing services or reporting processes, please visit the RSM website.