Cyber threats are growing in size and stature, but system compromises are the new weak spot for businesses


With just a month until the year comes to an end, 2017 has seen some of the biggest and most dangerous leaks, hacks, ransoms and attacks of all time. Amongst many others, we saw the NHS hit by WannaCry, the email accounts of UK Parliament members exploited, and Equifax crippled by a data breach that allowed the personal information of nearly 150 million of its customers to be compromised.

Thanks to cyber security threats growing, not just in size, but also in maturity, and cyber criminals showing no signs of slowing down, organisations are busy determining how best to protect themselves against a multitude of risks.

Companies across every industry are aware that they can no longer turn a blind eye to the dangers to their digital and physical business. The problem, however, is that unless they are taking measures to defend against absolutely everything in the cyber landscape, it’s difficult for them to know where to start.

The new threat on the block

In a recent survey, conducted by the Neustar International Security Council (NISC), system compromises were unveiled as the greatest cyber concern for IT security leaders, with nearly one in four (23 per cent) citing them as the biggest threat to their business.

Interestingly, the exploitation of such vulnerabilities in their systems was selected ahead of financial data theft (19 per cent), DDoS attacks (17 per cent), and intellectual property (IP) threats (13 per cent). Even ransomware – this year’s cyber security buzzword, thanks to the European take-over of Bad Rabbit – came second to system compromises, with just 19 per cent of senior IT professionals worrying about the impact of ransomware.

The same survey also found the majority of organisations (73 per cent) have made changes to the way they protect their business, thanks to recent high-profile incidents, such as the Equifax and Yahoo breaches. These changes included alterations to infrastructure, expanded teams, and outsourcing specific issues to IT pros. There was also reference to improving more traditional strategies, such as firewalls and endpoint AV protection.

Nearly half (45 per cent) of respondents called out targeted hackings as a growing threat to their business, followed closely by general phishing (43 per cent) and ransomware (43 per cent), with organisations repositioning their efforts to protect against such dangers.  

Targeted cyber attacks differ from the general dangers organisations face as they are carried out with purpose. With a specific mark in mind, much resource, effort, and usually a considerable amount of time are involved in both preparing for, and carrying out, the attack. The aim behind these hacks is to effectively infiltrate the organisation’s network, getting hold of valuable, sensitive information and data. While still sitting under the cyber crime umbrella, targeted attacks focus on one, or few, businesses, whereas general cyber-attacks often try to claim as many victims as possible, causing mass disruption and chaos.

Be security savvy

Today, organisations have the technology and talent available to them to make the most of a bad situation. They’re never going to be one step ahead of cyber criminals, but they can adjust how they choose to look at things, and give themselves a good head start.

For businesses to effectively secure their enterprise, they need to ensure they understand where the greatest dangers to their business lie, outside of simply the web perimeter. This doesn’t just mean understanding the various departments of an organisation, but getting your head around the infrastructure – the people, the technology and the vulnerabilities. Organisations need to be thinking what part of their business, if compromised, would cause the most damage to the wider company. The next step is to remain constantly vigilant against attacks, even as new threats are realised.

While better security practices are of key importance as part of this process, businesses don’t need to simply invest in more security, but invest in smarter security. Companies often think that spending a lot of money on cyber security means they are immune from any form of cyber crime, when in fact, the most expensive solution is not always the right one.

Although there are currently very few laws in place that directly relate to an organisation’s responsibility to prevent cybercrime, the likes of the General Data Protection Regulation (GDPR), becoming effective in May 2018, mean businesses will be legally obligated to keep customer data safe.

What’s yet to come?

Throughout 2017, hackers have become more prepared, more sophisticated, and more determined to breach organisations through targeted cyber attacks. In order to have the best possible chance at mitigating these threats, business leaders need to ensure their web perimeters are robustly secure, keeping up with the heavily evolving cyber landscape.

Collectively, organisations have access to the relevant data and intelligence needed to run and maintain a secure business model. The real challenge for companies will then be to find out the right way of analysing this data and intelligence, to help them make informed decisions about their cyber security processes.

It won’t be long until we start to see the internet as a localised infrastructure, adding access for organisations as you need and trust them. Whether it’s safeguarding web-facing applications, or encrypting valuable data points and intellectual property, fortifying the most important information to a business should be the starting point. Once the basics are in place, attention should be turned to defending against attacks, before they occur.

With cyber crime estimated to cost the global economy approximately $6 trillion per year on average, through to 2021, businesses simply cannot afford to run the risk of facing a cyber attack without having appropriate defence mechanisms in place. Even with the use of proactive security measures, there’s a chance of every business being affected, whether a start-up or a multi-billion pound company. This shouldn’t come as a surprise to any organisation, especially in today’s heightened cyber security landscape, but instead come as a warning of what we are up against, and how we can stand the best possible chance at fighting it off.

Rodney Joffe is Vice President and Fellow at Neustar and chairman of NISC