Trouble may be lurking in your network
Data breaches are on the rise. According to a recent Ponemon Group/IBM study, the average cost of a data breach was nearly $3.79 million in 2015, and that amount is predicted to increase exponentially in the foreseeable future.
In the past year, we witnessed major commercial and government organizations receiving alarming cybersecurity breaches and attacks. Well-known organizations such as Home Depot, T-Mobile/ Experian, Ashley Madison, Sony Pictures, Anthem, Premera Blue Cross, the Democratic National Committee, and the Federal Government’s Office of Personnel Management experienced cybersecurity issues. Even the IRS wasn’t safe from attack. Despite the fact that these organizations had specialized degrees of preparedness and cyber protection in place, they still fell victim.
Organizations today are faced with preparing for and defending against attacks on everything from critical infrastructure to medical devices and beyond.
Almost 6.8 billion connected devices are in use in 2016; up 30 percent from 2015. It is forecasted that by 2020, this number will increase to more than 20 billion connected devices. In other words, for every human being on the planet, there will be between two and three connected devices. The popularity of smartphones and tablets presents one of the biggest risks within the category. These devices are attractive to cybercriminals because they dramatically expand the number and variety of potential attack vectors, including malicious apps and websites as well as mobile payment systems like Apple Pay and Samsung Pay.
As cybersecurity breaches continue to increase in size and frequency, organizations should be prepared to address the growing need for threat deterrence and remediation. Focusing on the following key areas will provide resilience and greater peace of mind.
Out with the old
Roughly 44 percent of the breaches faced by organizations are related to outdated hardware, end of life equipment, or outdated software versions. These vulnerabilities are easily exploited by cybercriminals.
Understanding your core assets and what version you have deployed is crucial. Hardware and software assets must be patched regularly, and expertise is needed to ensure configurations adhere to “best practices” to prevent hackers from an easy entry point.
A robust security assessment can provide the level of discovery detail necessary for an organization to take action and understand the true level of protection needed. These assessments provide critical information – especially in regard to outdated products – and give valuable outside perspective on creating a deeper, tighter security profile.
The easiest way for cybercriminals to gain access to your organization’s sensitive data is by duping an unsuspecting individual into handing over the keys. Phishing attacks, often referred to as “spear phishing” or “social engineering,” are growing and becoming more sophisticated. These official-looking messages that appear to come from a reliable source are utilized to gain access to your systems or to deploy malware/ransomware that expose the organization to a future risk.
Attacks can enter an organization in a number of ways. Whether it’s through a malicious email attachment or an unfamiliar USB drive inserted into a computer, phishing attacks can cause extremely expensive or irreparable harm to an organization. If these attacks successfully target executives, they can wreak havoc, potentially exposing competitive or other sensitive company data.
Educating potential targets about the dangers is not enough to stop it. You need a combination of real-time monitoring and scanning systems with protective blocking capabilities to provide the depth of prevention necessary to thwart such attacks.
Head in the cloud
Today, more and more, companies are relying on cloud-based applications and services that reside outside the traditional IT data center. That opens up the possibility of IT departments losing oversight and control of corporate data and intellectual property.
While security remains the number one obstacle in the adoption of cloud computing for businesses and government agencies, employees may be bypassing internal IT to utilize cloud services and applications. In the process, they may also be bypassing critical security protocols and systems.
As the trend of pushing the IT landscape toward cloud applications and cloud infrastructure continues, malware and ransomware are evolving to provide a way for hackers to remotely attack public and private clouds and access corporate networks.
The good news is that the cloud also presents tremendous opportunities for modernizing, locking down, and securing their data. Cloud security solutions protect applications and data from new critical threats like ransomware, which can cause significant business disruptions. Zones security solutions offer a stronger, more focused approach to securing physical, virtual, cloud, or hybrid environments.
Talk is cheap
As hackers become more sophisticated, they are identifying and exploiting new points of entry into the corporate IT infrastructure. unified communications (UC) may represent a unique security challenge for many businesses.
UC brings together telephony, VoIP, video, chat, email, and collaboration capabilities into a single, unified environment that supports both on-premises and remote users. Because UC integrates disparate technologies, is no surprise that it also has the potential to expand attack surfaces and present new opportunities for bad actors.
VoIP and UC platforms have the potential to open the door for attackers to steal service, harass and disrupt, sell unwanted products and services, steal information, and eavesdrop on private conversations. With the majority of hackers focusing their attention on easier penetration points such as the network, email, and end-point devices, UC remains a relatively new target. However, as organizations continue to enhance their UC profile and rely on it for day-to-day operations, the UC platform will start being viewed not as end-points but as a significant entry point for intruders.
We hear you
With mobile penetration nearing 100 percent, virtually every business can expect that its corporate information is being accessed remotely by mobile devices or mobile applications. This opens up more opportunities for attackers to access enterprise assets as well. It also allows them to interact with corporate data and even collaborate with their colleagues.
With an ever-increasing number of mobile devices, wearables, and embedded medical devices streaming into the workplace, the challenge for organizations will continue to be securing a moving target.
As the number of mobile devices continues to grow, malware is sure to follow. The number of unique mobile malware viruses rose from 6,000,000 to over 12,000,000 in a two-year period, as attackers continue to turn their focus toward mobile devices.
As businesses continue to embrace the mobility – and more specifically the “Bring Your Own Device” or BYOD movement – this growing threat vector represents a potential security nightmare for IT professionals.
It’s important to remember that the core threat isn’t employees or visitors using their own devices, but that devices are mobile and can connect from virtually anywhere, putting them in jeopardy.
In other words, mobile’s greatest benefit is also it’s greatest risk.
The critical point to understand is that an increase in mobile devices increases the chances of a breach. That means companies should accept the fact that it’s probably going to happen. There needs to be a focus on understanding what to do when a breach occurs – and how to mitigate it before serious damage is done.
Pay up or else
Ransomware is malicious software that infects a victim’s computer, locks up files, and demands payment in exchange for regaining access. Ransomware typically propagates as a Trojan, entering a system through a downloaded file, embedded email attachments, or through a vulnerability in a network service.
The latest ransomware attacks can worm their way through the network to other computers, networked drives, and cloud solutions to affect files and data being used by an organization.
Ransomware typically falls into two variants, encrypting and non- encrypting. Both variants will either encrypt the data and files or lock the computer entirely, rendering all data inaccessible until the ransom is paid – usually through Bitcoin services.
In light of who you’re doing business with in such a scenario, there’s no guarantee that payment will allow you to decrypt your data, or that your data hasn’t already been sold on the open market.
Common examples of ransomware attacks in the news include CryptoWall.v3, CryptoLocker, CryptoLocker.F, TorrentLocker, Reveton, to name a few. With proper training and education of the workforce, ransomware can be managed with real-time security protection and sandboxing technologies, as well as robust back-up procedures.
Stay a step ahead
While the technologies required to protect your infrastructure and data may be complex, the philosophy behind them is simple: Expect the worst. Enterprises need to formalize threat protection strategies and plan for a likely attack. IT must increase overall threat awareness and should ensure that users do so as well.
The security team at Zones can help with the assessment, design, implementation and management of security infrastructure and procedures for organizations of every size. Our team of experts stands ready to help you address everything from phishing to cloud vulnerabilities, and UC to mobile. Because when it comes to cybersecurity, the best defense is a great offense.
This article originally appeared in the Fall 2016 edition of Solutions by Zones magazine.