Like Santa, cybercriminals know when you’ve been sleeping. And according to the latest statistics, they’ve been busier than ever this year taking advantage of it.
The World Economic Forum says that cyber attacks are now one of the top threats in the world, next to climate change and weather disasters. Data from the FBI shows that businesses have already lost $12 billion U.S. in 2018 as a result of email scams.
To keep up with the cybercriminals, organizations should do regular “tune-ups” on their security measures, said Albert Kramer, technical director with Trend Micro at a recent ITWC webinar. “Summer is an excellent time to look at what’s been happening lately, and what you can do about it,” he said.
Here’s what you should worry about in 2018
This year’s trends in security threats are enough to keep you awake at night.
Email is the number one vulnerability for businesses, said Kramer. Trend Micro data for the month of May shows that 83 per cent of threats come via email. “They are very sophisticated attacks, using corporate logos, email addresses and language,” he said. In most cases, the criminals pretend to be company executives and try to convince unsuspecting employees to wire them money. “These are the email accounts to watch,” said Kramer.
Cybercriminals are finding more ways to hack devices, like drones, used in the Internet of Things (IoT), said Kramer. These devices are easy targets because the level of security protection on them is low, he said.
Ransomware continues to be big in 2018, but a new threat is on the rise. Coin-mining malware uses an infected computer’s resources to mine digital currency, making it look like your company is attacking others.
The damages from data breaches this year are increasing, said Kramer. Almost $2.4 million was stolen from a U.S. bank in two separate breaches. In Canada, the CRTC has issued $250,000 in penalties for malicious online advertising, and Nissan Canada has warned over one million customers of a data breach.
Finally, organizations need to worry about compliance with regulations, like Europe’s General Data Protection Regulation, and similar breach notification rules coming under Canada’s privacy laws in November.
The four-point tune-up:
Kramer provided four key recommendations to tune up your security program:
Patch everything. “If there is one thing I recommend, it’s to make sure you do the patches on all of your apps and operating systems, not just Microsoft,” said Kramer. This reduces the vulnerabilities that hackers seek. Since it can be challenging to stay up-to-date, Kramer suggests that organizations consider virtual patching solutions. These solutions provide immediate protection by using intrusion detection and prevention technologies to shield vulnerabilities before they can be exploited.
You need to have the policies in place to ensure patching gets done, said CISO Michael Ball, an information security advisor. Also, “make sure you upgrade, replace or remove end-of-life software, once patches for it are no longer issued,” he said. “The software is even more vulnerable at that point.”
Improve detection and visibility. Organizations should look at tools such as those for breach detection or automated vulnerability scanning to create insights into their security posture, said Kramer.
Bring in the experts. Consider a managed detection and response (MDR) service, if security is not your strength. Outside experts can evaluate and develop your security strategy.
Increase security awareness. “The weakest link is still the employee,” said Kramer. It’s helpful to give them examples of phishing attacks and the potential impact, he said. Trend Micro provides a free phishing awareness service that allows administrators to launch test attacks and provides test results that can be used to educate employees.
The latest security statistics are worrisome, but as Kramer noted, “Yes, there are bad guys out there, but there are also good guys who are willing to help.”