Cybersecurity Jumps Up The Corporate Agenda

Uploaded on 2018-08-22 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

Security professionals are more worried about data breaches and cyber-attacks than they were a year ago, with most fearing that Meltdown-Spectre attacks are becoming the norm.

System compromises and ransomware are the greatest threats to organisations, with 20% listing both as their primary concern, according to Neustar’s International cyber benchmarks index report.

These are closely followed by distributed denial of service (DDoS) attacks (19%), financial theft (18%), and attacks on intellectual property (17%), the survey of security professionals across Europe, the Middle East, Africa and the US shows.

Nearly half of those polled (47%) see DDoS attacks as increasingly harmful to their organisation this year, up from 38% in 2017. On average, 40% of respondent organisations said they have been targeted by DDoS attacks.

Almost all companies surveyed (98%) have taken steps to minimise risks from attacks exploiting the Meltdown and Spectre chip vulnerabilities, with 90% of respondents saying they believe these attacks will become the norm.

Neustar’s Changing face of cyber-attacks report, which examined the effects of memcached attacks and the largest DDoS attack ever recorded at 1.7Tbps, demonstrates how the different types of threat propagating today, combined with the sheer volume of attacks, can paint a discouraging picture.

The report also underlines that today’s threats seldom occur in isolation. For example, a DDoS threat in one segment can divert attention from malware in another, while ransomware can be used to hasten data exfiltration.

According to the report, IPv6 attacks will rise as companies adopt the new standard. Neustar thwarted what is believed to be the first IPv6 attack, which presented a new direction that attackers are likely to pursue as more and more companies adopt IPv6 and run dual IPv4/IPv6 stacks, the report said.

Running IPv4 and IPv6 in parallel speeds up IPv6 network implementation, but works against consistent security, the report warns.

It adds that matters are complicated even further by the fact that many security tools still do not support IPv6 or may not be configured properly, which allows attackers to bypass firewalls and intrusion prevention systems, generating malicious IPv6 traffic that these controls do not recognise.

The growth of devices making up the Internet of Things (IoT) is paving the way for botnets, which are constantly evolving, the report said, pointing out that cyber criminals can rent or buy these botnets with ease, making these threats one of the biggest issues for enterprises today.

Rodney Joffe, Neustar senior vice-president and fellow, said the reports’ findings should come as no surprise to anyone.

“Yes, security professionals are becoming more concerned about the level of threat to their organisations, because that same level of threat is continuing to rise at an extreme rate,” he said.

“As we have seen over the past year, there are more threats to be aware of, whether in the form of DDoS, malware, application layer attacks or something else entirely, leaving professionals confused about where the next attack is coming from.

“To successfully prepare for a cyber-attack in today’s landscape is to accept that your organisation will be the next target. If you are online, you are susceptible to an attack. Whether you are most vulnerable or not is entirely up to you.”

Computer Weekly

You Might Also Read: 

Inside the Intel Chip Security Problem:

Get Serious About Hardware Cybersecurity:

 

« Phishing Tools Used To Attack The Power Grid
Blockchain In Plain English »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Micro Systemation AB (MSAB)

Micro Systemation AB (MSAB)

MSAB is a leader in the provision of forensically secure tools for the extraction and analysis of data from mobile devices.

Homeland Security Investigations (HSI)

Homeland Security Investigations (HSI)

Homeland Security Investigations (HSI) is a premier federal law enforcement agency within the Department of Homeland Security (DHS).

International School of IT Security (ISITS)

International School of IT Security (ISITS)

The International School of IT Security (ISITS) is a leading provider of professional training in the field of IT Security.

Metrarc

Metrarc

Metrarc has developed a ground-breaking technology called ICMetrics™ for deriving secure encryption keys from the properties of digital systems without the need to store any of the encryption keys.

Tenzir

Tenzir

Tenzir's primary focus lies on network forensics: the systematic investigation of cyber attacks with big data analytics.

Estio Training

Estio Training

Estio Training is a specialist digital and IT apprenticeships provider, dedicated to introducing new skills and developing existing talent in businesses across the UK.

Bolt Learning

Bolt Learning

Bolt's Cyber Security eLearning module provides users with an in-depth understanding of cybercrime, how it can occur and what everyone can contribute to preventing it.

Envieta

Envieta

Envieta is a leader in cryptographic solutions. From server to sensor, we design and implement powerful security into new or existing infrastructure.

Hadrian

Hadrian

Hadrian is modernizing offensive security practices with automation, making them faster and more scalable. Equipped with the hacker’s perspective, companies can now know what their critical risks are.

EdgeWatch

EdgeWatch

EdgeWatch is a platform that helps information accredited security practitioners discover, monitor, and analyze devices that are accessible from the Internet.

eMudhra

eMudhra

eMudhra is a leader in Identity and Transaction Management Solutions.

Diversified Technical Services Inc. (DTSI)

Diversified Technical Services Inc. (DTSI)

DTSI provides a wide range of technology solutions for Federal Agencies, the Department of Defense, and commerical organizations with capabilities including Cyber Security and DevSecOps.

Internet Initiative Japan (IIJ)

Internet Initiative Japan (IIJ)

IIJ is one of Japan's leading Internet-access and comprehensive network solutions providers.

SoConnect

SoConnect

SoConnect provides safe, secured, and taken care of IT, with infrastructure built around you and your business.

GAM Tech

GAM Tech

GAM Tech is a Managed IT Service Provider that serves small and medium sized businesses in Alberta, British Columbia, Ontario and Quebec.

CertX

CertX

CertX is a Swiss functional safety, cybersecurity and artificial intelligence certification body.