Three Reasons To Revise Your Cyber Security Plans

Uploaded on 2016-04-15 in NEWS-Cybersecurity News, FREE TO VIEW

The threat landscape is constantly becoming more sophisticated. That means any cybersecurity strategy not up to date with security tools and research will leave an organization open to attacks.

According to an IBM Report only 17% of the participating organizations are fully “cyber-secured”—which means 83% are inadequately defended.

 
To be prepared, companies need to implement cybersecurity strategies that address today's threats. The following three examples of emerging attacks show why all but the most well-guarded companies' current cybersecurity strategies need an update.

Ransomware

Ransomware, which means "ransom software," is one of the newest tools in hackers' arsenals. Essentially, a hacker implants ransomware on their victim's machine. The malicious program then encrypts data, preventing access to it. The ransomware tells the victim to pay a fee in order to get a passkey that restores access to the locked-off files. Even police departments have fallen prey to ransomware schemes.
 
Not long after the ransomware attack on Hollywood Presbyterian Medical Center in California, similar attacks were deployed in March 2016 against three more hospitals in the United States. In one of the cases, Methodist Hospital in Kentucky was hit with the “Locky” strain of ransomware—which encrypts important files and renames them with the extension ".locky"—and were asked to pay $1,600 in Bitcoin. Hospital staff were forced to process everything by hand during the system downtime due to the infection.
 
These attacks show that companies need to think about what to do if they encounter ransomware. Backing up regularly is one effective defense, because with a good policy in place, companies may be able to revert to the most recent backup rather than pay the ransom.

Advanced Phishing

Phishing—sending fake links that promise something good but lead to cyber attacks—is one of the most common ways organizations find themselves compromised. By now, most people are familiar with the poorly written emails that look suspicious, and perhaps many people have learned not to click on the links contained in them. But scammers have developed more advanced phishing attacks that can trick even informed individuals.
 
For instance, hackers have used Skype to send dangerous links to potential victims. Sometimes scammers find targets for Skype attacks by creating fake social media profiles which pretend to seek people to chat with. Catfishing, as it's known, has even been employed by government-sponsored hackers in Syria. Employees aware of the phishing risk posed by emails may not expect Skype to be a venue for cyber attacks, and thus may be more likely to fall for the scams.
 
Traditional emails are still a problem too: the customized phishing email is another example of a new phishing attack. Scammers scout out biographies of company personnel and create highly plausible emails that target specific individuals at a firm. Since these fake emails seem realistic, staff members have a much greater chance of clicking the bogus links contained in them.
 
As the possibility of threats such as catfishing shows, companies need a cybersecurity plan that encompasses all vectors for attack. Thorough network security monitoring and device inventory security tools can ensure that no network asset is left exposed.

Knowledgeable Insiders

Another new cyber danger is that today's insider threats are much more informed about cybersecurity—and how to defeat it. “Infosec” (information security) has become a popular topic, with ordinary individuals reading about hacker tricks and techniques for recreation. While yesterday's disgruntled employee might have been easily caught by digital forensics, today's insider may well be reading currently available information security publications and learning about ways to circumvent security measures.
 
For instance, an insider might learn about live operating systems and use one on a thumb-drive to bypass in-house security tools. The more knowledgeable a company's bad actors are, the better its cybersecurity has to be to defend against them.
 
To stay on top of cybersecurity, businesses today can turn to solutions such as SIEM, network security monitoring, and vulnerability management. With those tools at their disposal, organizations will be better equipped to handle today's advanced cyber threats.
 
More and more, organizations who were previously understaffed, under budgeted, and overwhelmed are finding that EiQ’s hybrid SaaS security services that combine the best people, process, and technology are a welcome change from going it alone. EiQ is transforming how mid-market organizations build enterprise-class security programs. Acting as an extension of our customers’ IT teams, EiQ’s SOCVue provides continuous security operations based on best-of-breed technology at a fraction of the cost of alternative solutions. EiQ is a trusted advisor to organizations that need to improve their IT security and compliance posture by protecting their infrastructure against cyber threats and vulnerabilities.

EIQNetworks: http://bit.ly/1SZ5kyy

« People Are (Still) The Biggest Security Risks
Mapping Unknown Risk »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Agari

Agari

Agari is the Trusted Email Identity Company™, protecting brands and people from devastating phishing and socially-engineered attacks.

BCS Financial

BCS Financial

BCS Financial delivers financial and insurance solutions. Specialty risk products include Cyber and Privacy Liability insurance.

Penta Security

Penta Security

Founded on its data encryption technology, Penta Security is a leading provider of web and data security products, solutions and services.

Egyptian Supreme Cybersecurity Council (ESCC)

Egyptian Supreme Cybersecurity Council (ESCC)

ESCC is responsible for developing a national strategy to face and respond to the cyber threats and attacks and to oversee its implementation and update.

Pareteum

Pareteum

Pareteum is a leading Global provider of mobile networking software and services. Our mission is to provide a single solution to the problem of fully enabling and securing the Mobile Cloud.

Zighra

Zighra

Zighra is a leading provider of On-Device AI solutions for continuous authentication and fraud detection on mobile and web applications.

Cloudentity

Cloudentity

Cloudentity combines Identity for all things with API and Application security in a unique deployment model, combining cloud-transformation and legacy systems.

ISA Security Compliance Institute (ISCI)

ISA Security Compliance Institute (ISCI)

ISCI, a not-for-profit automation controls industry consortium, manages the ISASecure™ conformance certification program for industrial automation and control systems.

SecureThings

SecureThings

SecureThings focus is to provide guidance and technology to secure connected vehicles in order to build end-to-end security for the automotive industry.

CodeHunter

CodeHunter

CodeHunter is a malware hunting SaaS platform designed to detect all variations of malware, known and unknown, without the need for source code or signatures.

Mission Critical Partners (MCP)

Mission Critical Partners (MCP)

Mission Critical Partners is committed to delivering innovative solutions that help our clients enhance and evolve their critical-communications systems and operations.

Ministry of Electronics & Information Technology (MeitY)

Ministry of Electronics & Information Technology (MeitY)

The Ministry of Electronics & Information Technology is an executive agency responsible for IT policy, strategy and development of the electronics industry.

Centre for Cyber Security Research & Innovation

Centre for Cyber Security Research & Innovation

The Centre for Cyber Security Research & Innovation is Nepal's First Academic Research Institute to focus on understanding the overall Information Security of Nepalese Organizations.

Eficens Systems

Eficens Systems

Eficens Systems is a global IT services and consulting company. We specialize in empowering businesses to harness the potential of Information Technology as a strategic asset.

Synergy ECP

Synergy ECP

Synergy ECP has a talented, dedicated staff to provide a broad range of services to the defense and intelligence industries.