Cybersecurity Vigilance Is Mandatory

The development of exploits designed to target the data and systems of individuals and organisations is at an all-time high, with the number of unique variants showing double-digit growth, with many of them more advanced than ever. Constant vigilance against emerging threats has never been more nessecary. 
 
Here are four trends  that security leaders need to be paying attention to over the third quarter of 2018:
 
Mobile Devices Remain a Target.
Over one-quarter of organisations experienced a mobile malware attack, with the majority being on the Android operating system. 
 
In fact, of the threats organisations faced from all attack vectors, 14% of total malware alerts were Android related. By comparison, only .000311% of threats were targeted to Apple iOS. Mobile threats are a looming threat that must be addressed, especially as the mobile-shopping holiday season nears. These threats can become a gateway for corporate networks to be exploited. Criminals know mobile is an accessible target for infiltrating a network, and they are exploiting it.
 
Cryptojacking is a Gateway to Other Attacks 
Cryptojacking remains prevalent and continues to grow in scope. The number of platforms affected by Cryptojacking jumped 38% and the number of unique signatures nearly doubled in the past year. These include new sophisticated platforms for advanced attackers as well as “as-a-service “platforms for novice criminals. Botnets are also increasingly leveraging Cryptojacking exploits for their attack strategy. 
 
Although it is often considered to be a nuisance threat that simply hijacks unused CPU cycles, security leaders are realising how Cryptojacking can become a gateway for additional attacks. Underestimating the repercussions of Cryptojacking places an organisation under heightened risk.
 
Botnets
The number of days that a botnet infection was able to persist inside an organisation increased 34% from 7.6 days to 10.2 days, indicating that botnets are becoming more sophisticated, difficult to detect, and harder to remove. 
This is also the result of many organisations still failing to practice good cyber hygiene, including patching and updating vulnerable devices, and thoroughly scrubbing a network after an attack has been detected. Many sophisticated botnets go dormant after detection. If the root cause or “patient zero” is not located and removed, many botnets simply return once normal business operations resume.
 
Encrypted Traffic Reaches a New Threshold
Encrypted traffic now represents over 72% of all network traffic, up from 55% just one year ago. 
While encryption can certainly help protect data in motion as it moves between core, cloud, and endpoint environments, it also represents a real challenge for traditional security solutions. 
 
Critical firewalls and IPS performance limitations of some legacy security solutions continue to limit organisations from inspecting encrypted data. As a result, this traffic is increasingly not analysed for malicious activity, making it an ideal mechanism for criminals to spread malware or exfiltrate data.
 
Addressing the Challenge
In digital terms, eternal vigilance involves visibility and control. However, digital transformation efforts have restricted the visibility and fragmented the controls of many organization. 
 
To successfully address today’s challenges, IT teams need to rethink their security strategy, from implementing effective security hygiene measure, to implementing an integrated security fabric architecture that can seamlessly span the entire expanding attack surface for unified visibility and the ability to orchestrate controls from a single console.
 
To that end, here are several corollary security strategies every organisation needs to consider when addressing the modern threat landscape:
 
Countering Advanced Threats. The evolution of the threat landscape requires a security transformation. This includes a shift from point security products, manual security management, and reactive security to a strategy where different security elements are integrated into a single system, security workflows can span multiple network ecosystems, and threat-intelligence is centrally collected and correlated. It also requires that advanced sandboxing be integrated across multiple security elements, enabling organisations to prevent and detect previously unknown threats regardless of where they appear.
 
Leverage Automation. As the speed of threats rapidly increase, the number of evasive techniques multiply, and the time windows for prevention, detection, and remediation continue to shrink, automation is pivotal. Organizations require a security platform at the same time where each of the different elements communicate with each other in real time.
 
Combatting Cryptojacking. Security leaders must realize that the threat of Cryptojacking is more than just the degradation of performance and computing workloads and the theft of expensive cloud computing resources. Cryptojacking raises the risk, due to defenses being taken down, of data theft and operational outages for IT and OT infrastructures. Infection also is an indication that larger security issues exist. 
 
One essential approach to combatting Cryptojacking involves maintaining a comprehensive inventory of devices (especially IoT devices) across your network and baselining behavior. With this information in hand, you’re able to monitor for aberrant behavior that may reflect Cryptojacking activity.
 
Know When to Detect Threats. The haystack of traffic is much larger during workdays, and thus it is harder to pinpoint threats. But as the volume of traffic shrinks over the weekend and holidays, it is much easier to find those malicious needles. To that end, organizations need to ensure they have 24/7 security and network operations that enable them to search for and find needles in the much smaller haystack of non-operating hours.
Mobile Threats. The total number of company-owned mobile devices in use increased 2.5% from 2017 to 2018. This doesn’t include the expanding volume of personally owned mobile devices connected to networks as a result of the 72% of organisations that have a BYOD-friendly policy. 
 
Because cybercriminals understand that mobile is an easy target for infiltrating a network, security leaders need to ensure they have the appropriate controls in place to protect against those devices, especially at their wireless access points.
This requires that wireless access points and mobile security services be fully integrated into next-generation firewalls, combined with automated threat-intelligence sharing between them and your broader set of security elements. Establishing visibility and controlling access to your network using a third-generation Network Access Control solution is also critical.
 
Summing Up
Cybersecurity challenges continue to grow, and organizations in the midst of digital transformation efforts are especially vulnerable. As the holiday season approaches and more and more consumers are online, cybercriminal efforts are expected to accelerate. Retailers and others offering Omni-channel experiences to their customers need to pay particular heed to their wireless access points, which can easily and quickly be exploited by malicious criminals. These sorts of threat vectors are especially concerning as they can become a gateway for your corporate network to be exploited. 
 
With more attack vectors being successfully targeted by cybercriminals, doing more of the same when it comes to security is a proven losing strategy. 
 
Organisations need to become hypervigilant about security, or they will forfeit their ability to compete in today’s digital marketplace because they will become victims to the increasingly effective and ruthless cybercriminal community.
 
CSO
 
You Might Also Read:
 
Botnets Are Here To Stay:
 
Crypto-Mining Hits 42% Of Organisations Worlwide:
« South Korea To Triple Investment In Blockchain
Industrial Control Systems Are A Soft Target For Cyber Attackers »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Axial

Axial

Axial Systems is one of the UK’s leading solution providers and systems integrators in network, security and services.

Black Duck Software

Black Duck Software

Black Duck Hub allows organizations to manage open source code security as well as license compliance risks.

Steptoe & Johnson

Steptoe & Johnson

Steptoe is an international law firm with offices in the USA, Europe and China. Practice areas include Cybersecurity, Privacy & National Security.

Cybonet

Cybonet

Cybonet is committed to empowering organizations of all sizes with the tools and capabilities to detect and engage cyber security threats.

Iceberg

Iceberg

Iceberg has been established to provide companies with cyber security experts who will protect businesses from the unseen threat of cyber crime.

Asoftnet

Asoftnet

Asoftnet are specialists in IT security, IT forensics, IT service, websites, applications and mobile solutions.

TeskaLabs

TeskaLabs

TeskaLabs is a software vendor of cybersecurity and data privacy products.

Billington CyberSecurity

Billington CyberSecurity

Billington CyberSecurity is a leading, independent education company with an exclusive focus on cybersecurity.

Netsurion

Netsurion

Netsurion powers secure and agile networks for highly distributed and small-to-medium enterprises and the IT providers that serve them.

Templar Shield

Templar Shield

Templar Shield is a premier information security, risk and compliance technology professional services firm serving North America.

10dot Cloud Security

10dot Cloud Security

10dot Cloud Security is a security service management company. Our solutions give you contextualised visibility into your network security.

Cyber Security for Europe (CyberSec4Europe)

Cyber Security for Europe (CyberSec4Europe)

CyberSec4Europe is designing, testing and demonstrating potential governance structures for a European Cybersecurity Competence Network.

Astrill VPN

Astrill VPN

Astrill VPN is a Seychelles based Virtual Private Network(VPN) Company.

VC3

VC3

VC3 provides a full range of Information Technology Solutions and Services to hundreds of municipalities and organizations throughout the USA.

Treacle Technologies

Treacle Technologies

Treacle Technologies are a Cyber Security startup with a focus on Defensive Security.

Secure Enterprise Engineering (SEE)

Secure Enterprise Engineering (SEE)

SEE provides disruptive cybersecurity system engineering, architecture, and operational capabilities to make our customer’s missions execute faster, smarter, and more securely.