Cyber security continues to be a major issue in 2016. Average costs of data breaches where on the rise for the past couple of years and they expected to keep rising. Criminals are finding new angels of attack. Hospitals and legal institutions became the new popular targets for perpetrators looking to steal a large number of sensitive personal data at once. With new threats emerging and some old problems continuing to stay unresolved, we can point out several major latest trends in cyber security:
In February this year, Hollywood Presbyterian Medical Center paid approximately $17 000 in bitcoin to perpetrator holding critical data ransom. Ransomware is not new, but lately it rose to prominence among the cyber security trends due to high effectiveness and increased number of attacks. Cyber Threat Alliance estimates that more than $325 million so far was extracted by perpetrators using the CryptoWall v3 ransomware and this number will only continue to rise.
Cloud Services and Internet of Things
Number of connected devices constantly grows with Gartner predicting that there will be more than 6.8 million connected devices by the end of the year. By 2020, this number is expected to grow to 50 million. However, this new connected world turns out to be poorly protected. Demand for proper security of connected devices is still not there, with perpetrators being able to hack everything from your baby monitor to your smart car.
Cloud services are facing the same problem – they grow faster than they can grow their security. Data is often transmitted with only basic level of encryption, leaving it vulnerable to all kinds of attacks on the way.
Most of our daily communication and business activities nowadays involve smartphones. Number of apps we’re using constantly grows, but security on a lot of them is insufficient. As users, we constantly trade access to personal data for convenience, and this data, transmitted through vulnerable channels, can easily be stolen. And since development for mobile becomes easier and cheaper by the day, it opens doors for creating a huge number of malware.
While most companies are focusing on establishing reliable security perimeter, insider threats are often ignored. Yet, according to IBM 2015 Cyber Security Intelligence Index, insiders where responsible for carrying out 55% of all attacks in 2014. 62% of security professionals saw a rise in insider threats last year according to Insider Threat Spotlight Report and this number continues to grow. Insider attacks are also considered to be the most expensive to deal with, with average cost per incident last year amounting to $144,000 according to Securonix.
Widespread use of shared accounts and almost non-existent control over privileged accounts are major factors contributing to the problem. They make it easy for dishonest employee to steal or damage data. Subcontractors with access to critical infrastructure are also posing serious threat, yet statistics are showing that attacks from within the company are more common.
Other type of insider threat is the user carelessness. Malicious actions performed out of carelessness or by mistake can be really hard to detect and almost impossible to protect from. Another one of the growing IT security trends is the use of social engineering by perpetrators to gain access to the employee’s personal data. Such data often includes credentials, allowing them to attack companies from within.
What you can do
What measures can you take to increase your cyber security? Raising security budget is always a good start. Most companies are critically understaffed by qualified security employees, capable of efficiently detect and respond to incidents. You also need to pay attention to your connected devices. Make sure to secure every second-tier entry points after securing the perimeter. Proper backup practice and backup protection can save you a lot of headache when dealing with ransomware.
Another big point is user awareness. Careless user can leak or damage sensitive data by error, accidentally infect your system with dangerous malware or pave the way for qualified attackers to gain control over your cyber assets. You need to properly educate users on potential dangers and teach them good security practices. Discourage use of shared accounts and legacy software, encourage complex passwords and educate your employees on the dangers of misusing applications.
Insider threats can be the hardest problem to deal with. User monitoring is one of the latest cyber security technology trends designed to counter insider threats. Monitoring software, such as Ekran System, automatically records all user actions on video, allowing you to see exactly what your employees are doing. Monitoring of privileged accounts is almost mandatory, considering the level of access to critical data they have.
It is also important to employ practices for prevention of insider threats. Ekran System helps with this to a great degree, but your company policies also need to take insider threats into account. Risk assessment and security awareness training can go the long way. You also need to watch the behavior of your employees. If they are not satisfied with the job and prefer to stay late or work at odd hours when nobody is around, it is a cause for concern and requires additional security measures.
By being aware of the latest trends and taking your cyber security seriously, you can reliably protect yourself and your company from any threats.