Cyber Security: The Current State of PlayCyber criminals are becoming ever more sophisticated and resourceful – and are increasingly inclined to lock systems and destroy data as part of their attack process. That’s the top line message from Cisco’s top security experts, who say this sinister activity is just the precursor to a new and more devastating type of attack that’s brewing on the horizon – Destruction of Service (DeOS). Here’s our roundup of the top observations and emerging threat vectors identified in Cisco’s recently released 2017 Midyear Cyber Security Report.
Address IoT vulnerabilities fastWhile the Internet of Things (IoT) holds great promise for business collaboration and innovation, as it grows so too does security risk. Threat actors are already exploiting security weaknesses in IoT devices that enable them to move laterally across networks quietly and with relative ease. Security professionals need to have full visibility of what IoT devices are connected to their network and should move quickly to address IoT security risks before these become impossible to manage.
Don’t underestimate the spyware threatSpyware that masquerades as potentially unwanted applications (PUAs) is becoming a growing issue in corporate environments, with adware, system monitors and trojans on the up as infections become rampant. Warning that spyware can steal user and company information, weaken the security posture of devices and increase malware infections, Cisco’s security experts recommend educating end users about the risks of PUAs and taking action fast to remediate spyware infections on browsers and endpoints.
Malicious email – attack strategies are evolvingEmail continues to be the cyber criminal’s top choice for spreading ransomware and other malware and Cisco notes that the number of ransomware-as-a-service (RaaS) platforms is growing fast. However, business email compromise (BEC) represents an even bigger threat that’s already netted double the amount of money captured by ransomware exploits. Containing no malware or suspect links, BEC messages usually bypass all but the most sophisticated threat defence tools; in the past year, both Facebook and Google have fallen victim to BEC attacks. User education is the first line of defence for tackling BEC fraud. Ensure employees are trained to identify out-of-the-ordinary requests for financial transfers from the CEO or other top executive and make phone calls – to bypass a potential spoofed email – to verify wire transfers.
Check your enterprise perimeter defences fastMobility, cloud and other technology advancements continue to erode the security perimeter enterprises must defend and malicious players are taking advantage of this ever-expanding attack surface. When it comes to enterprise security, cloud is all too often an overlooked dimension. But with hackers working relentlessly to breach corporate cloud environments, open authorisation (OAuth) and the poor management of single privileged user accounts can create security gaps these criminals can exploit.
Concluding thoughts…Investing in automated tools that help security teams stay on top of alerts, gain visibility into and manage dynamic networks, and detect and respond swiftly to true threats is the key to enabling a rigorous cyber security strategy. To keep their organisation safe, security professionals also need to devote time and resources to ensuring they know exactly what is in their IT environment, and that everything is deployed correctly and securely kept up to date.
Download the full report here:
For more information on cyber security give us a call now.
Share this story: [ssba]