Be prepared for more cyber attacks
The past year has highlighted that business leaders should assume cyber breaches will hit them.
Within months of each other, large-scale cyber breaches, including WannaCry and Petya ransomware attacks, shook up businesses around the world and reinforced the need to secure critical assets and prevent data loss. Looking beyond traditional desktops and servers, businesses need to start protecting other platforms that are ripe targets for cyber criminals.
The widespread use of mobile devices, and the mainstream adoption of cloud and Internet of Things (IoT) technologies have opened whole new platforms for attacks. Symantec's Internet Security Threat Report (ISTR) Volume 22 revealed that many emerging threats against these increasingly popular platforms were observed in 2016 and this trend is likely to continue.
The insecurity of things
When it comes to IoT devices, many would think of smart watches and smart home assistants such as Google Home or Amazon Echo. However, the most commonly targeted devices could be something as simple as routers or Internet-connected cameras.
An experiment conducted by Symantec, called IoT honeypot, found a two-fold increase in attempted attacks against IoT devices over the course of 2016. At times of peak activity, the average device was attacked once every two minutes.
Unlike a desktop computer or laptop, which will typically have security software installed and receive automatic security updates, an IoT device's only protection may be an easily guessed default user name and password. Default passwords are still the biggest security weakness for IoT devices, and the most common password tested by attackers is "admin".
According to Gartner, 8.4 billion connected "things" will be in use in 2017, up 31 per cent from 2016, reaching 20.4 billion by 2020. While manufacturers should take the lead in securing the products they release to the market, it is equally important that businesses are aware of the risks and vulnerabilities these devices are exposed to.
The most noteworthy trend observed through 2016 was the uptick in email malware rates. The rate jumped from one in 220 emails in 2015 to one in 131 emails in 2016. These malicious emails hit businesses of all sizes, commonly disguised as an invoice or receipt with an attachment.
Although a vital communication tool, email is also one of the prime sources of disruption for end users and organisations. This disruption can range from unwanted emails in the form of spam to more dangerous threats, such as the propagation of ransomware or targeted spear-phishing campaigns.
While just over half of all emails (53 per cent) are spam, a growing proportion of that spam contains malware. This increase in email-borne malware is driven largely by a professionalisation of malware spamming operations. Malware authors can outsource to specialised groups that conduct major spam campaigns. The sheer scale of email malware operations indicates that attackers are making considerable profits from these kinds of attacks, and email is likely to continue to be one of the main avenues of attack.
Cracks in the cloud
Cloud apps, such as Office 365, Google and Dropbox, are increasingly used to facilitate the sharing of sensitive information between corporate IT systems, mobile applications and cloud services.
At the end of 2016, the average enterprise organisation was using 928 cloud apps, up from 841 earlier in the year. However, most CIOs (chief information officers) think their organisations only use around 30 or 40 cloud apps. The widespread adoption of cloud applications in corporations, coupled with risky user behaviour that the corporation may not even be aware of, is widening the scope for cloud-based attacks. Singapore CISOs (chief information security officers) estimate that, on average, 32 per cent of cloud-based applications used at their company are unsanctioned, or "shadow apps".
This is a major red flag that business leaders should start taking notice of now - especially given that data stored in the cloud could be shared internally, externally, and even with the public. Often, the lack of policies and procedures around how users in an organisation use cloud services increases the risk of cloud app use.
While cloud attacks are still in their infancy, 2016 saw the first widespread outage of cloud services because of a denial of service (DoS) campaign. This serves as a warning about how susceptible cloud services are to malicious attacks. Popular file-sharing apps cannot fully mitigate cyber security risks to this data from employee misuse or account compromise by hackers.
IoT, email and cloud may be new attack frontiers but these platforms combined prove to be lethal, putting business and customer data at greater risk. Many IoT devices gather personal data and rely on cloud services to store that data in online databases. If those databases are not adequately secured then customer privacy and security are at risk. Businesses cannot and should not underestimate the level of risk as this will leave them open to attack from newly emergent threats.
As attackers evolve, there are many steps businesses and consumers can take to protect themselves. As a starting point, Symantec recommends the following best practices:
- Don't get caught flat-footed. Use advanced threat intelligence solutions to help you find indicators of compromise and respond faster to incidents.
- Prepare for the worst. Incident management ensures your security framework is optimised, measurable and repeatable, and that lessons learned improve your security posture. Consider adding a retainer with a third-party expert to help manage crises.
- Implement a multi-layered defence strategy that addresses attack vectors at the gateway, mail server and endpoint. This should also include two-factor authentication, intrusion detection or protection systems (IPS), website vulnerability malware protection, and web security gateway solutions throughout the network.
- Provide ongoing training about malicious email. Educate employees on the dangers posed by spear-phishing emails and other malicious email attacks, including where to internally report such attempts.
- Make sure to monitor your resources and networks for abnormal and suspicious behaviour, and correlate it with threat intelligence from experts.

The writer is senior director, systems engineering, Symantec Asia Pacific.