This year has already shown us the significant risk that different attacks present, from an employee swindling approximately $1.8bn from the Punjab National Bank in India, to Coca-Cola’s insider breach that resulted in the theft of approximately 8,000 employees’ data.
All too often, organisations don’t realise a breach has even occurred until it’s too late and the damage is done. We know that threats to organisations are continually evolving. Our digital world is moving so fast that security defences struggle to keep up. But speed of change is no excuse for falling victim. Not with up to three per cent of revenues on the line (the potential fines imposed by the EU GDPR), and with employee or customer data, reputation, revenues and sensitive company information at stake.
These are the four threats we have identified as the crucial areas to focus on for the remainder of 2018:
- Ransomware as a Service (RaaS) – Cyber warfare is becoming faster, cheaper and more accessible to the public, so people no longer need to be professional hackers to send malware to unsuspecting entities. They just need to know their ransomware, which is much simpler as it becomes easier to use. The SonicWall Global Response Intelligence Defense (GRID) Threat Network detected 184 million cyber attack attempts in 2017, compared to only 3.8 million in 2015. To say that this shows an exponential growth curve would be an understatement. The international WannaCry cyberattack devastated organisations around the world and some have described it as the largest cybercrime incident ever.
- State Sponsored Cyber Attacks – The increased accessibility of spying and hacking tools makes it easier for nation states to acquire these technologies at a large scale. This approach is a growing method of both a cyber defence and cyber offence strategy. To establish fair competition and peace, the potential threat of cyber warfare must be acknowledged. The European Union Agency for Network and Information Security (ENISA), a centre of information security expertise for the EU, reports that state-sponsored activities including cyber-espionage, non-lawful state surveillance, cyber-sabotage, and cyberwar are all active threats to all governments and organisations. Similar to ransomware, we can see that cyber warfare is becoming the preferred method of attacking other states, given that it is cheaper, less risky and less dangerous than traditional warfare.
- Insider threats – Cyber threats don’t just come from external forces trying to raid the business. Many of the successful cyber attacks that we’ve seen so far this year were the result of an inside threat actor. In fact, malicious insiders pose the highest threat to data security; they work closest with the business IT systems and have access to important data. Whether it’s to exploit privileged account credentials or leak company information, insiders can cause a huge amount of damage. What’s more, not all attacks are deliberate. An employee may fall victim to a spear-phishing attack or accidentally give access to an unknown third party. The insider threat is nothing new, but the severity of attacks this year alone from these parties demonstrates that organisations have more work to do.
- Privileged Access – According to Gartner, the improper governance of privileged access management (PAM) will be the major cause of approximately 60 per cent of data breaches by 2018, compared to 40 per cent in 2015. Moreover, a study of 905 phishing attacks by Verizon found that 91 per cent were after user credentials.
Privileged accounts are not only made up of employees with direct responsibility for system and network administration; they also include vendors, contractors and suppliers who have been granted privileged access to systems within the organisation. In many cases, privileged accounts aren’t even people – they can be applications or configuration files empowered by hard-coded administrative credentials.
If these credentials are compromised, a hacker can move laterally within a network completely unnoticed. This is a huge risk to any organisation, as the hacker could wait months – even years – before attacking the system, while nobody knows they are present in the network.
The most effective approach to cyber security is proactive, not reactive.
Tackling new security challenges head on requires advanced threat analytics that remain agile and adaptable, alongside the proper governance of privileged access. Restricting access is not a solution; transparency and control are. Centralised administration and the ability to track user sessions, combined with the automation of password management, ease the pressure from individuals prone to error or with malicious intentions.
A shift in how we approach security threats needs to happen, away from fear and doubt, towards a positive strategy to protect the organisation and its customers.