At our February Breakfast Brief in Sydney and Melbourne, two of our Penetration Testers and Researchers presented to a select crowd on the importance of not overlooking the small vulnerabilities. In Vulnerability Assessments and Penetration Tests, these small, seemingly inconsequential vulnerabilities are often downgraded or accepted and left to be exploited by hackers who are highly adept at finding, collecting and holding onto these vulnerabilities for future reference, to be used together to compromise an organisation.
Here is an excerpt from an article on the presentation from ZDNET.
At Securus Global’s February security briefing, a pair of security researchers demonstrated how businesses accepting small security risks may be leaving the door open to hackers who have realised that chaining small vulnerabilities together represents an easy way to destroy companies.
The researchers stated that organisations tended to look at vulnerabilities separate from other vulnerabilities, when the real issue was how these could be used in conjunction with each other to become potentially more dangerous. They then went on to demonstrate how a number of organisations they had previously worked with had fallen into the trap of considering threats to their business in isolation.