Business failing to learn lessons of past cyber attacks, report shows

Business and other organisations are failing to learn the lessons of past cyber attacks, the latest Verizon Data Breach Investigations Report (DBIR) reveals.

The analysis of 2,260 breaches and more than 100,000 incidents at 67 organisations in 82 countries shows that organisations are still failing to address basic issues and well-known attack methods.

“This year’s study underlines that things are not getting better,” said Laurance Dine, managing principal of investigative response at Verizon Enterprise Solutions.

“We continue to see the same kind of attacks exploiting the same vulnerabilities because many organisations still lack basic defences,” he told Computer Weekly.

The 2016 DBIR shows, for example, that nearly two-thirds of confirmed data breaches involved using weak, default or stolen passwords.

The report also shows that most attacks exploit known vulnerabilities that organisations have never patched, despite patches being available for months – or even years – with the top 10 known vulnerabilities accounting for 85% of successful exploits.

“User security awareness continues to be overlooked as organisations fail to understand that they need to make their employees the first line of defence,” said Dine.

“Organisations should be investing in training to help employees know what they should and shouldn’t be doing, and to be aware of the risks so they can alert security teams if they spot anything suspicious,” he said.

For this reason, Dine said it is important for organisations to have the processes in place that make it easy for employees to report security issues.

Phishing attacks

Phishing is one area where increased user awareness could help, said Dine, especially as the use of fraudulent emails to steal credentials or spread malware increased dramatically in the past year.

“If we could reduce phishing through user awareness training, we could probably reduce a lot of the other stuff as well because many of the attacks start with a simple phishing email,” said Dine.

The study shows that 30% of phishing messages were opened – up from 23% in the 2015 report – and 12% clicked on malicious attachments or links that installed malware.

In previous years, phishing was a leading attack pattern for cyber espionage, but now features in most cyber attacks.

According to Verizon researchers, this technique is amazingly effective and offers attackers a number of advantages, such as a very quick time to compromise and the ability to target specific individuals and organisations.

Human error cause of most attacks

Underlining the importance of user awareness and the human element of security, the report shows that human error accounts for the largest proportion of security incidents, with 26% of these errors involve sending sensitive info to the wrong person.

 

Source: computerweekly.co-Business failing to learn lessons of past cyber attacks, report shows

Advertisements

IoT to play a part in more than a quarter of cyber attacks by 2020, says Gartner

More than 25% of cyber attacks will involve the internet of things (IoT) by 2020, according to technology research firm Gartner.

And yet, researchers claimed IoT would account for less than 10% of IT security budgets and, as a result, security suppliers would have little incentive to provide usable IoT security features.

They also said the decentralised approach to early IoT implementations in organisations would result in too little focus on security.

Suppliers will focus too much on spotting vulnerabilities and exploits, rather than segmentation and other long-term means that better protect IoT, according to Gartner.

“The effort of securing IoT is expected to focus more and more on the management, analytics and provisioning of devices and their data,” said Gartnerresearch director Ruggero Contu.

“IoT business scenarios will require a delivery mechanism that can also grow and keep pace with requirements in monitoring, detection, access control and other security needs,” he added.

According to Contu, the future of cloud-based security services is, in part, linked with the future of the IoT.

“The IoT’s fundamental strength in scale and presence will not be fully realised without cloud-based security services to deliver an acceptable level of operation for many organisations in a cost-effective manner,” he said.

Gartner predicted that by 2020, at least half of all IoT implementations would use some form of cloud-based security service.

Read more about IoT security

Although overall spending will initially be moderate, Gartner predicted that IoT security market spending would increase at a faster rate after 2020, as improved skills, organisational change and more scalable service options improved execution.

Gartner predicted global spending on IoT security would reach $348m in 2016 – just 23.7% up compared with 2015 – $433.95m in 2017 and $547m in 2018.

“The market for IoT security products is currently small, but it is growing as both consumers and businesses start using connected devices in ever greater numbers,” said Contu.

“Gartner forecasts that 6.4 billion connected things will be in use worldwide in 2016, up by 30% from 2015, and will reach 11.4 billion units by 2018. However, considerable variation exists among different industry sectors as a result of different levels of prioritisation and security awareness,” he said.

Source: computerweekly.com – IoT to play a part in more than a quarter of cyber attacks by 2020

How current industry mega trends tangibly affect the EUC industry. Part 4: Security

This is the fourth (and final) article in a series detailing several industry “mega” trends that I see in EUC today. The first article was about Hyper-Convergence, the second was about Application Management (Layering), and the most recent was about Cloud.

In this article I want to discuss another trend, ‘Security’, and how it will have an impact on our industry today and tomorrow for the bulk of our use cases across the world.

Boring and Invisible – Yet Important

Security is a difficult subject. If there’s too much of it then it is annoying, but if there is too little then bad things happen. Let’s face it: traditionally our End User Computing industry has had relatively little to do with security (*ducks*). I mean, outside of the virus scanners on PCs it really was not a big part of our [EUC] life. Of course there are the brave souls who dare to run antivirus on shared hosted desktop platforms or even hypervisors, but for the most part the job of security was left for the ‘firewall guy’. Well, you and the firewall guy need to have lunch together (often) because the world is changing rapidly.

Omni-Connected

One important factor is that the Enterprise IT world is becoming more and more connected. Where the firewall used to be the boundary of the Enterprise perimeter, this is no longer strictly the case. Think about it: with the ever increasing consumption of cloud services / SaaS applications in enterprises a larger portion of the stuff that IT is tasked to protect moves out of their network.

Don’t take my word for it. The segment called CASBs (Cloud Access Security Brokers) focuses exactly on this problem and has been exploding (in a good way) recently. Next to CASBs, there’s also the segment of more ‘traditional’ security vendors, which have all been trying to grow beyond firewalls for a while now. Much of this all revolves around the fact that all malware or other malicious ‘stuff’ in your network have one thing in common: at one point or another this malicious content will attempt to communicate outside of your network – either to phone home, spread, talk to other ‘members,’ or whatever. That’s where the prime detection possibility is and that is where a lot of the new focus will be.

Cybercrime

Another important factor is the rise of Cybercrime. Cybercrime is growing fast and getting more and more organized, both for pure monetary reasons but also for political and religious reasons. Whatever the reason, the effect was already witnessed in 2015: an unprecedented amount of high profile attacks have occurred and the year is not over yet (plus a lot of hacks are going on right now that have not been discovered yet, I am sure). Hacks ranged from those that were high profile financial services to prisoner records. Ransomware and Cryptoware are no longer just a problem for singular users. Companies are being targeted more and more, which is costing enterprises a ton of money. This survey showed that the average annual cost incurred by affected enterprises globally now stands at $7.7 million.

Cybercrime budgets are also one of the few budget categories that are increasing. For example, in 2016 the Cybercrime (CDM) budget for the US government alone is $14 billion. In a similar fashion, the UK plans to double its cybercrime budget over the next 5 years. Finally, an additional important accelerator will be that legislation, especially in EMEA, will become even stricter in terms of who is held liable when a hack occurs. The simple fact is that a lot of organizations are not well equipped (yet) to deal with this new world, and that’s why we will see security have a big impact on End User Computing in 2016.

Security at the EUC vendors

When it comes to security, I think that are a couple of types of vendors in our End User Computing market that you will see creating or expanding their offerings. For the EUC Big 3, Microsoft kind of already made the first move when they acquired Adallom for $320M in September. I say “kind of” because while you may not directly work with this technology, you probably will indirectly. Security is also part of the bigger VMware proposition–it’s actually one of the five imperatives the CEO has for the company. I have not seen a specific security product (capability) from the EUC group at VMware, but I am sure we will in the next year (NSX is an example that is very close to VMware EUC already). As for Citrix, it would be no surprise to me if Citrix jumps on the security bandwagon as well (outside of the classic security benefits that ‘centralized computing offers,’ which aren’t unique to their products). Still, I have seen no major initiatives there yet, which kind of makes sense since they are rationalizing their product portfolio.

Another category is the User Environment Management (UEM) vendors. Two that come to mind for me are AppSense and RES Software. They’ve had some security capabilities in their products for a while now, and seem to be adding to them a lot more as time goes on (a trend that I think will continue).

I also think there’s also great potential here for the more traditional End User Computing monitoring and analytics products to help their customers with these problems. That is actually quite important to realize–to be able to protect and secure the workspace you need to have detailed insights into that workspace. Since most of the workspace today is still Windows based, the current End User Computing monitoring and analytics products are in a great position to start providing these security services. Lakeside Software, for example, recently added a specific security capability in their Systrack product, and I am confident we will see some more security related developments from the End User Computing monitoring and analytics vendors in the next year.

Source: Brianmaidden-How current industry mega trends tangibly affect the EUC industry. Part 4: Security by Michel Roth

UK tops global cyber crime hit list

UK based criminals were the second highest originators of cyber crime attacks after the US in the second quarter, according to ThreatMetrix

UK is the top target for cyber criminals with UK businesses targeted more frequently than US counterparts, a study has revealed.

Apart from local threats, criminals in Nigeria, Germany, the US and Mexico lead the way in attacking the UK, according to a study published by security firm ThreatMetrix.

But UK-based criminals were the second highest originators of cyber crime attacks after the US, according to the study, which is based on more than a billion transactions monitored each month by the firm’s Digital Identity Network.
The study shows that online commerce worldwide has been particularly badly hit by cyber crime. Fraudulent attacks rose 20% in the second quarter of 2015 in which ThreatMetrix blocked 36 million fraud attempts estimated to be worth £2bn.

Account creation fraud was the highest risk, accounting for nearly 7% of transactions blocked by ThreatMetrix, while account login risk was lower at 3%. But ThreatMetrix said that, because there are many times more login transactions processed, this represents a significant account takeover or hijacking risk.

The study also found that cyber criminals targeting financial institutions are particularly focused on the online lenders. Attacks spiked significantly in the second quarter and focused mainly on new accounts originations and payment disbursements.

Online lending is a rapid growth industry because it provides an easier way for the unbanked and underbanked to gain access to loans in a matter of days – making it a top target for cyber criminals.

According to ThreatMetrix, major UK peer-to-peer lender, Zopa, has issued £829m in loans since it started ten years ago.

“Online lending is a hotbed for fraud because it is a less secure channel designed for the unbanked and underbanked population an attractive target for attackers,” said Stephen Moody, European solutions director at ThreatMetrix.

“The more businesses and consumers turn to the digital space to store and manage their financial information, the greater the opportunity for fraudsters, and ensuring digital identities are effectively protected should be high priority for everyone,” he said.

Cyber crime is a well organised global phenomenon, said ThreatMetrix, with criminals fast adopting new technologies and tactics to attack businesses.

With sophisticated technology and strong knowledge-sharing across organised crime rings, nation states and decentralised cyber gangs, the security firm said these cyber criminals continue to attack traditional and non-traditional sources of consumer data to stitch together identities that can exploited.

Criminals hiding in the noise

Mobile now makes up one third of all transactions analysed by ThreatMetrix and is the biggest emerging opportunity and risk for businesses and financial institutions trying to deliver frictionless experiences to their customers, the company said.

“The more mobile transactions you have, the more opportunities will arise for fraudsters to conduct spoofing attacks or identity theft, by increasingly impersonating other devices to facilitate attacks,” said Moody.

“With consumers constantly on the go, they prefer iPhones over iPads after work and at the weekends – people’s digital behaviour is changing and this provides new opportunities for fraudsters to hide in the noise,” he said.

While UK-based e-commerce sites also experienced a spike in fraud attacks in the second quarter, attacks on financial services remained steady and attacks on the media industry saw a fall compared with the first three months of 2015.

However, attacks on the media industry are still fairly high, accounting for 11.4% of transactions blocked – more than double the rate in the US. According to ThreatMetrix, media sites are often targeted as testing sites for stolen credentials.

Source: computerweekly.com-UK tops global cyber crime hit list by Warwick Ashford

2015 Cyber Threats and Trends: What You Need to Know to Protect Your Network Data

2015 Cyber Threats and Trends: What You Need to Know to Protect Your Network Data

Defending an enterprise today is a more complex and challenging task than ever before.

Our personal and professional attack surfaces have never been greater, and they are only expected to grow as organizations and individuals continue to increase their reliance on the digitally connected world for a variety of tasks. Security practitioners must not only protect their enterprise assets, but also guard against threats to their supply chain and other business ecosystems. These threats, coupled with the cyber threat landscape’s continuous evolution in terms or actors, tactics and motivations, have created a situation where organizations must now move toward an intelligence-driven, holistic security approach to keep pace with the rapid changes in attackers’ tactics, techniques and procedures (TTPs).

Download this whitepaper at: Verisign-2015 Cyber Threats and Trends: What You Need to Know to Protect Your Network Data

Cisco Midsize Cybersecurity Infographic

You face unprecedented challenges to protect your midsize business from cybersecurity threats. New trends such as mobility and cloud are changing how you need to secure devices, data and your network.

To deal with these challenges, you need a smart, scalable threat-centric security model. This model needs to provide cost-effective threat remediation and support standard security policies and controls.

Cisco can help. We deliver intelligent cybersecurity for the real world. Our threat-centric approach reduces complexity while delivering superior visibility and control—saving you time and reducing costs.

Download Infographic at: http://www.findwhitepapers.com/force-download.php?id=47507

Getting Serious About Cybersecurity

Hack attacks have been in the news for a while. But the most recent headlines seem to indicate that hackers are far outpacing security efforts to contain them.

In the last week, we have learned that a major health insurer was compromised, possibly exposing the data of 80 million health accounts. Data relating to medical patients is very sensitive, and the number 80 million is staggering in scope. And there have been indications that other health insurers might be vulnerable, meaning that 2015 could be the year of health insurance hacks.

On top of that, we just learned that “Anonymous” hackers have attacked the website of the President of the European Parliament. So, this tells us that not only is medical information unsafe, but government officials are not able to protect themselves from hackers.

In this troubling climate, our White House has just announced its intention to create a new agency referred to as the Cyber Threat Intelligence Integration Center. The purpose of the Center is to share intelligence across agencies to thwart cyberattacks.

At first blush, this may sound like a positive development. But on further reflection, one may question why such sharing and governmental coordination has not happened to date, especially given that successful hacks and cyberattacks have been public knowledge for years.

Fortunately, we have not witnessed a true national catastrophe resulting from a major cyberattack crippling any one of a number of our country’s mission critical systems. That, however, should not lead us into continued complacency.

Significant dedication of resources in terms of skilled personnel, creative brain power, and serious funding are required in an attempt to catch up and then get of ahead of the curve when it comes to potential Internet crime, terrorism and warfare.

Source: Mondaq-Getting Serious About Cybersecurity  by Eric J. Sinrod