Companies still struggle with security

25% of attacks in enterprises will involve IoT devices by 2020

Rohma Sadaqat

Published: Thu 5 Jan 2017, 5:43 PM

Last updated: Thu 5 Jan 2017, 9:56 PM

In an era of increasingly interconnected devices, it doesn't take much for a skilled hacker to avoid detection and launch an attack that can spell disaster for a company.
According to Kaspersky, the world's biggest cyberthreats in 2016 were related to money, information, and a desire to disrupt. They included the underground trade of tens of thousands of compromised server credentials, hijacked ATM systems, ransomware, and mobile banking malware; as well as targeted cyber espionage attacks and the hacking and dumping of sensitive data.
Despite all this, many companies revealed that they still struggle to quickly spot a security incident. Kaspersky's data showed that 28.7 per cent of companies said that it took them several days to discover such an event, while 19 per cent admitted it took weeks or more. A small but significant minority of 7.1 per cent said that it took them months to detect a threat.
"The number and range of cyberattacks and their victims seen in 2016 has put the subject of better detection at the top of the business agenda. Detection is now a complex process that requires security intelligence, a deep knowledge of the threat landscape, and the skills to apply that expertise to each individual organisation. Our analysis of cyberthreats over the years has revealed both patterns and unique approaches. This accumulated understanding underpins our active defense tools, as we believe protection technologies should be powered by security intelligence," said David Emm, principal security researcher at Kaspersky Lab.
There is also a common misconception that security threats only affect computer and laptop users. Kaspersky found that 36 per cent of online banking attacks now target Android devices, up from just eight per cent in 2015. Attackers also made use of the Google Play Store to distribute Android malware, with infected apps downloaded hundreds of thousands of times.
Cybersecurity and employee training is a must
Matthew Gardiner, senior product marketing manager of Mimecast, believes that cybersecurity needs to be on every organisation's agenda for 2017. There's no reason to believe that 2017 will be any better for cybersecurity than it was in 2016, he says. If anything, 2017 will be even worse as cybercriminals continue to leverage social engineering and phishing techniques to find new vulnerabilities to exploit, develop new ways to monetise their activities, get through corporate defenses and target individuals.
In 2017, cybersecurity battles will favor criminals even more, as vulnerable Internet of Things (IoT) devices continue to expand the possible platforms of attack. Gartner estimates that by 2020 more than 25 per cent of attacks in enterprises will involve IoT devices.
"This past year, we saw cybercriminals becoming more sophisticated, threats becoming more advanced and cyberattacks causing more damage to organisations," he said. "Ransomware will become one of the biggest threats that organisations will need to address, fuelled by an increasing multitude of attackers using off-the-shelf kits and leveraging a vast network of cybercrime service providers to run their ransomware campaigns."
One theme that is still overlooked, but should come into greater focus in 2017, Gardiner says, is that cybercrime is not just about wire transfers and immediate and direct monetisation of stolen information. Attackers are increasingly focused on data mining and will use the data they gather in more advanced future attacks, or sell it on the Dark Web for others to do the same.
Gardiner also stressed that employee education and taking adequate measures to protect organisations from cyberattacks will continue to be of high importance during the course of 2017.
A Gemalto study recently revealed that 92 per cent of enterprise IT professionals surveyed in the Middle East are concerned that employee reuse of personal credentials for work purposes could compromise security.
Identity theft accounts for 64 per cent of all data breaches across the globe, and consumer service breaches continue to rise, resulting in almost nine in every ten enterprises addressing their access management security policies.
As more enterprises become mobile, the challenge of protecting resources while increasing flexibility for employees working on the move grows. Despite a growing number of businesses enabling mobile working, 42 per cent of Middle East enterprises surveyed have completely restricted employees from accessing company resources via mobile devices.
