Organisations are failing to understand the risks now presented by desktop applications and continuing to focus security efforts on server and network infrastructure. This is despite a massive increase in desktop application attacks worldwide that are crippling organisations of all sizes, including state of the art technology giants.
Applications such as PDF readers, zip utilities, and mail and web clients are being actively targeted, as core operating systems become updated more readily and hence become resistant to known attacks. Just by sending a malicious attachment, desktops can often be compromised and a silent, encrypted connection made back to a waiting attack server. This can appear like typical web traffic, so will often traverse the corporate firewall and proxy server.
To help highlight the issue, Sec-Tec offers a comprehensive desktop penetration testing service in which user's attitudes to unsolicited email and the likelihood to click on unauthorised links can be measured, in addition to the technical vulnerabilities present within the underlying desktops that could be exploited.
The 2010-2011 statistics from Sec-Tec's penetration testing efforts show a dramatic increase in the exploitable vulnerabilities associated with desktops.
You can read more about Sec-Tec's penetration testing services to see how we can help your organisation.