Cybersecurity Jumps Up The Corporate Agenda

Security professionals are more worried about data breaches and cyber-attacks than they were a year ago, with most fearing that Meltdown-Spectre attacks are becoming the norm.

System compromises and ransomware are the greatest threats to organisations, with 20% listing both as their primary concern, according to Neustar’s International cyber benchmarks index report.

These are closely followed by distributed denial of service (DDoS) attacks (19%), financial theft (18%), and attacks on intellectual property (17%), the survey of security professionals across Europe, the Middle East, Africa and the US shows.

Nearly half of those polled (47%) see DDoS attacks as increasingly harmful to their organisation this year, up from 38% in 2017. On average, 40% of respondent organisations said they have been targeted by DDoS attacks.

Almost all companies surveyed (98%) have taken steps to minimise risks from attacks exploiting the Meltdown and Spectre chip vulnerabilities, with 90% of respondents saying they believe these attacks will become the norm.

Neustar’s Changing face of cyber-attacks report, which examined the effects of memcached attacks and the largest DDoS attack ever recorded at 1.7Tbps, demonstrates how the different types of threat propagating today, combined with the sheer volume of attacks, can paint a discouraging picture.

The report also underlines that today’s threats seldom occur in isolation. For example, a DDoS threat in one segment can divert attention from malware in another, while ransomware can be used to hasten data exfiltration.

According to the report, IPv6 attacks will rise as companies adopt the new standard. Neustar thwarted what is believed to be the first IPv6 attack, which presented a new direction that attackers are likely to pursue as more and more companies adopt IPv6 and run dual IPv4/IPv6 stacks, the report said.

Running IPv4 and IPv6 in parallel speeds up IPv6 network implementation, but works against consistent security, the report warns.

It adds that matters are complicated even further by the fact that many security tools still do not support IPv6 or may not be configured properly, which allows attackers to bypass firewalls and intrusion prevention systems, generating malicious IPv6 traffic that these controls do not recognise.

The growth of devices making up the Internet of Things (IoT) is paving the way for botnets, which are constantly evolving, the report said, pointing out that cyber criminals can rent or buy these botnets with ease, making these threats one of the biggest issues for enterprises today.

Rodney Joffe, Neustar senior vice-president and fellow, said the reports’ findings should come as no surprise to anyone.

“Yes, security professionals are becoming more concerned about the level of threat to their organisations, because that same level of threat is continuing to rise at an extreme rate,” he said.

“As we have seen over the past year, there are more threats to be aware of, whether in the form of DDoS, malware, application layer attacks or something else entirely, leaving professionals confused about where the next attack is coming from.

“To successfully prepare for a cyber-attack in today’s landscape is to accept that your organisation will be the next target. If you are online, you are susceptible to an attack. Whether you are most vulnerable or not is entirely up to you.”

Computer Weekly

You Might Also Read: 

Inside the Intel Chip Security Problem:

Get Serious About Hardware Cybersecurity:

 

« Phishing Tools Used To Attack The Power Grid
Blockchain In Plain English »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

Arxan Technologies

Arxan Technologies

Arxan is a leader of application attack-prevention and self-protection products for Internet of Things (IoT), Mobile, Desktop, and other applications.

Siscon

Siscon

Siscon delivers tailor-made compliance solutions that are based on the customer's specific wishes and reality and then supplement with many years of experience in the field.

AnubisNetworks

AnubisNetworks

AnubisNetworks is one of Europe’s leading threat intelligence and email security suppliers.

SEEK

SEEK

SEEK create world-class technology solutions to address the needs of job seekers and hirers across multiple sectors including cybersecurity.

British Blockchain Association (BBA)

British Blockchain Association (BBA)

British Blockchain Association (BBA) is a not-for-profit organisation that promotes evidence-based adoption of Blockchain and Distributed Ledger Technologies (DLT) across the public and private sector

ImmuniWeb

ImmuniWeb

We Simplify, Accelerate and Reduce Costs of Security Testing, Protection and Compliance.

Crowe

Crowe

Crowe is a public accounting, consulting, and technology firm that combines deep industry and specialized expertise with innovation.

IGI Cybersecurity

IGI Cybersecurity

IGI Cybersecurity delivers people-driven cybersecurity for personalized, resilient cyber defense focused on individualized strategy and unshakeable partnership.

TrustCloud

TrustCloud

TrustCloud is a global company specializing in the orchestration and custody of secure digital transactions including identification, signature, payments, and electronic custody.

AccessIT Group

AccessIT Group

AccessIT Group is a specialized cybersecurity solutions provider offering a full range of advanced security services.

Keyrus

Keyrus

Keyrus is a global consultancy that develops data and digital solutions for performance management.

Oasis Security

Oasis Security

Oasis is the market leading platform for non-human identity management. Our mission is to fortify cybersecurity defenses by enabling enterprises to efficiently secure non-human identities.

Cloudaeris

Cloudaeris

Cloudaeris is a trusted Microsoft Partner, and we've got what it takes to make your business more efficient and agile.

Evolve Business Group

Evolve Business Group

Evolve is an independently-owned managed network solutions provider, creating bespoke packages for customers globally since 2005.

DeepTempo

DeepTempo

At DeepTempo, we build AI models and related software that protect enterprises and service providers from sophisticated cyber threats.

Canary Technology Solutions (Canary IT)

Canary Technology Solutions (Canary IT)

A Cloud, Cyber Security, Retail Solutions and Managed IT Services provider for over 25 years, we safeguard and revolutionise business through technology and foresight.