Cybersecurity has an increasing impact on the business and future of organizations.
By Pedro Tavares, Founder of CSIRT.UBI & Cyber Security Blog seguranca-informatica.pt
Cybersecurity is a crucial element these days and it has an increasing impact on the business and future of the organizations. Tools that keep organizations safe against new emerging threats are today indispensable to follow a health doctrine focused on keeping away any cyber-problem. Those tools include Security Information and Event Management (SIEM), Intrusion Detection System (IDS) and Intrusion Prevention System (IPS), Threat Hunting Frameworks, Anti-Malware Services and several solutions based on Intelligence Systems. A new and modern culture is growing and we are now walking on a novel and important pathway.
Words like cybersecurity, cyberterrorism, cyberwar, data breaches, phishing or “fake news” are already part of our everyday life. The weight the Internet has on society is such that it can be used to change democracies. With this, new malicious activities are expected from cybercriminals in 2019.
Cybersecurity and the business impact
The last few years were heavily attacked as a result of the emergence of new types of threats with a higher degree of complexity and difficult to annihilate. A great number of threats like WannaCry, Bad Rabbit, and Presidential Elections in France, USA and Brazil, Equifax and British Airways data breaches, Mage cart APT, and many bad news and cases left the world on alert along 2019. How about 2019 — how will it be?
There is no doubt. The damage caused by these type of attacks on organizations and even on the future of the nations is clearly notorious.
According to Europol, ransomware, carding and skimming and also crypto jacking represent some threats that will continue to give IT professional’s nightmares over the next few years. Ransomware was a kind of attack involving around $11.5 billion — data collected by Checkpoint. Carding and skimming attacks are used to collect card data for later use and manipulation of personal data. The latter threat is related to crypto coins were the bandwidth and processing power of victims is used to mine cryptocurrency without user consent.
From the business point-of-view, the loss of information obtained by crooks represents the most costly component for all companies, whose average is 130 security breaches per year and this number tends to increase in the coming years due to fast grown and sophisticated methods that criminals are using.
Malware and web-based attacks are the kinds of attacks that most hurt businesses, both with global losses of over two billion dollars. Web-based attacks typically include phishing attacks that still are a critical problem; business email compromise (BEC) attacks, where a large number of companies are targeted and with great losses recorded; and all that can be executed with malicious intent via an internet connection.
No surprise, PDFs are the most common attack vector used to widespread malware. Most malware domains, about 60 percent, have been associated with spam campaigns as the email continues to be the preferred channel to reach the victim easily.
Physical security is a topic of interest as well. The impact of cybersecurity on physical security is, in fact, a security top trend. About 30% of industry leaders consider this to be the most striking trend that companies expect to meet in 2019.
In contrast, ransomware will continue to be increasingly sophisticated, using live encryption and packing techniques in an attempt to hide in the operating system process tree. However, a portion of them will be replaced by the miners of crypto coins.
I want to highlight another critical subject: botnets. Massive targeted attacks that will produce bigger and smarter IoT botnets capable to “stop” the critical operations of great companies, including bank, governmental and military platforms, are expected. In recent years the number of devices connected to the internet has grown. These botnets are therefore getting bigger and smarter and operating with strong components based on artificial intelligence. We need to be prepared.
What can we do to be safe in 2019?
There is a set of practices that can be described and that compose the current cybersecurity trends in organizations.
A resilient security perimeter should be built in order to enforce the organization’s defenses (e.g., demilitarized zones – DMZs, firewalls, etc.). Well-segmented networks also need be one of the first preoccupations to maintain the infrastructure away from cyber threats, and Identity and Access Management (IAM) or user rights assigned according to the actual need of the organization’s structure must be managed in a right way.
The implementation of data and device backups is the last resort when data loss happens. It should be supported in policy with the definition of target files, periodicity and retention, and with validation procedures and also recovery tests.
Have a strong password policy shared with all employees is extremely important. Long and complex passwords are the best way to protect accounts and the valuable information available behind the door. The use of other factors of authentication such as, Multi-factor Authentication (MFA) or Two-factor Authentication (2FA) is an additional step that needs to be used.
The principle of the least privilege — employees should only have the information and resources necessary for their daily work, avoiding being used as a guiding wire for access to confidential data and documents of the organization.
Keeping security solutions up-to-date with regularly updating antivirus programs and signatures-based protections, and using protection solutions based on knowledge and behavior is another indispensable measure.
Ensure that all the information is sent in an encrypted channel, for instance, your emails. This can be reducing that it can be obtained in a man-in-the-middle (MITM) attack.
The rule of thumb: all the activity and security events need to be analyzed. For example by using SOC services or tools for this purpose.
And finally, employee’s training still the best way to educate all the organization. Knowledge of safety principles should be passed on to ALL employees, a key step in cases such as phishing.
The number of security threats is increasing and due to that investment in this field is needed, as well as a different mindset and new strategies that can influence and motivate people to fight in this battle.
As a final topic, I would like to say the following: — “Invest and go ahead, be an influencer, and cultivate and educate the people. This is the recipe and the success choice for a stronger and resilient future”.
At the end of the day, the goals are so simple: safety and security.
About the Author
Pedro Tavares is a cybersecurity professional and a founding member and Pentester of CSIRT.UBI and the founder of seguranca-informatica.pt.In recent years he has invested in the field of information security, exploring and analyzing a wide range of topics, such as pretesting (Kali Linux), malware, hacking, cybersecurity, IoT and security in computer networks. He is also a Freelance Writer. Segurança Informática Blog: www.seguranca-informatica.pt
Contact me: firstname.lastname@example.org