Cybersecurity Vigilance Is Mandatory

The development of exploits designed to target the data and systems of individuals and organisations is at an all-time high, with the number of unique variants showing double-digit growth, with many of them more advanced than ever. Constant vigilance against emerging threats has never been more nessecary. 
 
Here are four trends  that security leaders need to be paying attention to over the third quarter of 2018:
 
Mobile Devices Remain a Target.
Over one-quarter of organisations experienced a mobile malware attack, with the majority being on the Android operating system. 
 
In fact, of the threats organisations faced from all attack vectors, 14% of total malware alerts were Android related. By comparison, only .000311% of threats were targeted to Apple iOS. Mobile threats are a looming threat that must be addressed, especially as the mobile-shopping holiday season nears. These threats can become a gateway for corporate networks to be exploited. Criminals know mobile is an accessible target for infiltrating a network, and they are exploiting it.
 
Cryptojacking is a Gateway to Other Attacks 
Cryptojacking remains prevalent and continues to grow in scope. The number of platforms affected by Cryptojacking jumped 38% and the number of unique signatures nearly doubled in the past year. These include new sophisticated platforms for advanced attackers as well as “as-a-service “platforms for novice criminals. Botnets are also increasingly leveraging Cryptojacking exploits for their attack strategy. 
 
Although it is often considered to be a nuisance threat that simply hijacks unused CPU cycles, security leaders are realising how Cryptojacking can become a gateway for additional attacks. Underestimating the repercussions of Cryptojacking places an organisation under heightened risk.
 
Botnets
The number of days that a botnet infection was able to persist inside an organisation increased 34% from 7.6 days to 10.2 days, indicating that botnets are becoming more sophisticated, difficult to detect, and harder to remove. 
This is also the result of many organisations still failing to practice good cyber hygiene, including patching and updating vulnerable devices, and thoroughly scrubbing a network after an attack has been detected. Many sophisticated botnets go dormant after detection. If the root cause or “patient zero” is not located and removed, many botnets simply return once normal business operations resume.
 
Encrypted Traffic Reaches a New Threshold
Encrypted traffic now represents over 72% of all network traffic, up from 55% just one year ago. 
While encryption can certainly help protect data in motion as it moves between core, cloud, and endpoint environments, it also represents a real challenge for traditional security solutions. 
 
Critical firewalls and IPS performance limitations of some legacy security solutions continue to limit organisations from inspecting encrypted data. As a result, this traffic is increasingly not analysed for malicious activity, making it an ideal mechanism for criminals to spread malware or exfiltrate data.
 
Addressing the Challenge
In digital terms, eternal vigilance involves visibility and control. However, digital transformation efforts have restricted the visibility and fragmented the controls of many organization. 
 
To successfully address today’s challenges, IT teams need to rethink their security strategy, from implementing effective security hygiene measure, to implementing an integrated security fabric architecture that can seamlessly span the entire expanding attack surface for unified visibility and the ability to orchestrate controls from a single console.
 
To that end, here are several corollary security strategies every organisation needs to consider when addressing the modern threat landscape:
 
Countering Advanced Threats. The evolution of the threat landscape requires a security transformation. This includes a shift from point security products, manual security management, and reactive security to a strategy where different security elements are integrated into a single system, security workflows can span multiple network ecosystems, and threat-intelligence is centrally collected and correlated. It also requires that advanced sandboxing be integrated across multiple security elements, enabling organisations to prevent and detect previously unknown threats regardless of where they appear.
 
Leverage Automation. As the speed of threats rapidly increase, the number of evasive techniques multiply, and the time windows for prevention, detection, and remediation continue to shrink, automation is pivotal. Organizations require a security platform at the same time where each of the different elements communicate with each other in real time.
 
Combatting Cryptojacking. Security leaders must realize that the threat of Cryptojacking is more than just the degradation of performance and computing workloads and the theft of expensive cloud computing resources. Cryptojacking raises the risk, due to defenses being taken down, of data theft and operational outages for IT and OT infrastructures. Infection also is an indication that larger security issues exist. 
 
One essential approach to combatting Cryptojacking involves maintaining a comprehensive inventory of devices (especially IoT devices) across your network and baselining behavior. With this information in hand, you’re able to monitor for aberrant behavior that may reflect Cryptojacking activity.
 
Know When to Detect Threats. The haystack of traffic is much larger during workdays, and thus it is harder to pinpoint threats. But as the volume of traffic shrinks over the weekend and holidays, it is much easier to find those malicious needles. To that end, organizations need to ensure they have 24/7 security and network operations that enable them to search for and find needles in the much smaller haystack of non-operating hours.
Mobile Threats. The total number of company-owned mobile devices in use increased 2.5% from 2017 to 2018. This doesn’t include the expanding volume of personally owned mobile devices connected to networks as a result of the 72% of organisations that have a BYOD-friendly policy. 
 
Because cybercriminals understand that mobile is an easy target for infiltrating a network, security leaders need to ensure they have the appropriate controls in place to protect against those devices, especially at their wireless access points.
This requires that wireless access points and mobile security services be fully integrated into next-generation firewalls, combined with automated threat-intelligence sharing between them and your broader set of security elements. Establishing visibility and controlling access to your network using a third-generation Network Access Control solution is also critical.
 
Summing Up
Cybersecurity challenges continue to grow, and organizations in the midst of digital transformation efforts are especially vulnerable. As the holiday season approaches and more and more consumers are online, cybercriminal efforts are expected to accelerate. Retailers and others offering Omni-channel experiences to their customers need to pay particular heed to their wireless access points, which can easily and quickly be exploited by malicious criminals. These sorts of threat vectors are especially concerning as they can become a gateway for your corporate network to be exploited. 
 
With more attack vectors being successfully targeted by cybercriminals, doing more of the same when it comes to security is a proven losing strategy. 
 
Organisations need to become hypervigilant about security, or they will forfeit their ability to compete in today’s digital marketplace because they will become victims to the increasingly effective and ruthless cybercriminal community.
 
CSO
 
You Might Also Read:
 
Botnets Are Here To Stay:
 
Crypto-Mining Hits 42% Of Organisations Worlwide:
« South Korea To Triple Investment In Blockchain
Industrial Control Systems Are A Soft Target For Cyber Attackers »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

IASME Consortium

IASME Consortium

IASME is one of five companies appointed as Accreditation Bodies for assessing and certifying against the UK Government's Cyber Essentials Scheme.

Synopsys

Synopsys

Synopsys delivers trusted and comprehensive silicon to systems design solutions, from electronic design automation to silicon IP and system verification and validation.

DFLabs

DFLabs

DFlabs is a pioneer in Security Automation & Orchestration technology, leveraging your existing security products to dramatically reduce the response and remediation gap.

Vdoo

Vdoo

Vdoo provides an end-to-end product security platform for automating all software security tasks throughout the entire product lifecycle.

Trinity Cyber

Trinity Cyber

Trinity Cyber’s patent-pending technology stops attacks before they reach internal networks,reducing risk and increasing cost to adversaries.

Polish Centre for Accreditation (PCA)

Polish Centre for Accreditation (PCA)

PCA is the national accreditation body for Poland. The directory of members provides details of organisations offering certification services for ISO 27001.

CyNam

CyNam

CyNam is a platform for enabling the growth and development of people and organisations within Cheltenham’s flourishing cyber technology ecosystem.

Salem Cyber

Salem Cyber

Salem Cyber builds Artificial Intelligence (AI) solutions that work collaboratively with people to address scalability challenges in cybersecurity operations.

Eventus Security

Eventus Security

Eventus, are a team of highly skilled professionals who are committed to deliver excellence in next generation cyber security services and customized solutions for your enterprise.

StrongBox IT

StrongBox IT

Strongbox IT provides solutions to secure web applications and infrastructure.

Network Contagion Research Institute (NCRI)

Network Contagion Research Institute (NCRI)

NCRI provides pioneering technology, research, and analysis to identify and forecast cyber-social threats targeting individuals, organizations, and communities.

Certera

Certera

Certera is a modern and affordable SSL Certificate, Code Signing Certificate, and Cyber Security Services provider.

Ventum Consulting

Ventum Consulting

Ventum Consulting stands for digitalization, networking and agilization. We take this up on the strategic, professional and technical side and support our customers in the digital transformation.

Cyborg Security

Cyborg Security

Cyborg Security is a team of threat hunters, threat intelligence analysts, and security researchers from across North America.

PureSoftware

PureSoftware

PureSoftware is a global software products and digital services company that is driving transformation for the world’s top organizations across various industry verticals.

Clumio

Clumio

Clumio provides autonomous backup and recovery for critical cloud data.