At the end of 2015, Trend Micro predicted that 2016 will be the year of online extortion. The prediction looked to be accurate as early as the first quarter, and by the year's end, we observed a surge of ransomware incidents that preyed not only individuals but organizations as well, including hospitals, universities, public transit systems, and even law enforcement agencies. 2016 also saw a spate of mega-breaches, showing how repositories of data are not just irresistible, but also surprisingly accessible to cybercriminals.
Based on the incidents we saw in 2016, here are the essential cybersecurity resolutions enterprises need to make in 2017.
2016's most notable cybersecurity incidents highlight the need for organizations to develop a proactive stance against cybercrime. This involves transforming the workforce into security assets instead of allowing them to be potential points of compromise. Here's a few things we can do to patch the holes that allowed some of the year's more impactful incidents:
Bolster two-factor authentication.
2016 may be considered a bad year for password security, based on the string of mega-breaches that led to the leak of mined data—including user credentials—online. Troves of stolen credentials from Tumblr, LinkedIn, Fling, Myspace, andeven Russian social networking site, VK.com were dumped in the cybercriminal underground. The data dumps resulted in the rise of extortion schemes and reused password attacks.
Passwords remain as a go-to authentication method among users because of its convenience and simplicity, but the use of passwords alone as a single gate into online accounts has its downsides. An analysis made by breach notification site, LeakedSource, of the database of leaked MySpace user data this year revealed that the most popular passwords found were “123456”, “qwerty”, “123123”, and “qwertyuiop”, revealing how a significant percentage of users prefer easily-remembered passwords over secure ones.
It is important to implement more stringent password security measures among users connected to an organization’s network to make it difficult for unauthorized parties to find a way in. Teaching employees to use complex, hard-to-crack passwords unique to every online account is one way to prevent compromise.
While passwords remain a principal mode of authentication used by a majority of companies, explore other methods that reduce reliance on passwords to ensure data security such as two-factor authentication, biometrics, tokens, and the like. Security researchers in various tech firms and organizations like the Fast Identity Online (FIDO) Alliance are now taking action on developing simple and standardized mechanisms aimed at changing the “nature of authentication” and addressing problems faced by users on creating and remembering multiple login credentials.
Perform regular and timely application of software patches.
Unpatched applications and servers are often used as a gateway to stealthily push malware into a system. To counter this, take a close look into your company’s patching processes in order to identify and eliminate roadblocks in the timely release and application of necessary patches and updates across all endpoints. An unsealed crack, once taken advantage of by cybercriminals, could potentially cause a lot of damage to an organization.
In November, espionage group Pawn Storm mobilized its spear-phishing campaigns against various government organizations by taking advantage of a previously-unknown Adobe Flash zero-day. The group combined the zero-day exploit with a privilege escalation vulnerability found in Microsoft’s Windows Operating System prior to being fixed.
Vulnerability shielding protects against unpatched bugs and zero-day vulnerabilities to keep the organization’s network secure, especially for enterprises that continue to use unsupported, legacy, or orphaned software. The same goes for your security products. Make sure that all of your defensive tools are updated in a regular and timely fashion.
A good grasp at the events that transpired in the past allows us to get a picture of the foreseeable future. In The Next Tier, the Trend Micro predictions for 2017, the security landscape is expected to not only witness the rise of new challenges, but also age-old tactics taking different forms. Here is a security checklist for securing your organization in 2017:
Keep all possible entry points well-guarded.
This can be done by developing a multi-layered security approach. No silver bullet or one-size-fits-all strategy is good enough to keep known and unknown threats at bay, with threat actors consistently looking for ways to make profit.
Cybercriminals will always introduce new techniques to evade detection, and enterprises should be well-equipped to face this challenge head on by making use of a wealth of technologies available today not just for hardening endpoints but in predicting their next move.
Behavior and integrity monitoring is capable of detecting “anomalies” or unusual system activities happening within the network while application control sifts through a list of non-malicious routines, files, and processes to execute and operate on systems within the network. Machine learning operates by melding human- and computer-provided inputs in order to make quick and accurate decisions about whether files and behaviors found within the network are malicious or not.
A strategically-designed map of assets and resources then allows an IT admin monitor data flow—where it goes and who is granted access to them. Proper network segmentation provides organizations an extra layer of protection that prevents potential attacks from affecting the entire network.
Keep a vigilant eye on new cybercriminal tactics.
The ransomware epidemic has reached an all-time high in 2016, with variants and families introduced almost on a daily basis. While ransomware is believed to plateau in 2017, creators behind it are still expected to diversify their techniques to ensure hitting more potential victims, platforms, and bigger targets.
The sheer simplicity, effectivity, and profitability of Business Email Compromise (BEC ) is expected to gain more traction this coming year. In 2016, successful BEC scheme earned an average payout of US$140,000 per victim, and this hefty sum should continue to pique the interest of more threat actors looking to dupe unknowing victims into performing fraudulent transactions. More stringent policies must then be implemented, including harnessing layers of verification before executing transfers and carrying out transactions.
Business Process Compromise (BPC) has also emerged in 2016, evidenced in the Bangladesh Bank heist that caused a loss of up to US$81 million. BPC works by acquiring a much deeper understanding of processes used by organizations, particularly for its financial transactions. Cybercriminals getting a hand on these said processes could result into unauthorized transfers of payment or goods. This will prove to be an attractive method for threat actors with its speedy and immense monetary returns. Take full advantage of technologies like application control to seal mission-critical terminals.
Build a culture of security within the enterprise.
While employees are considered an organization's biggest asset, they can also be considered its weakest link in terms of security. As 2017 breeds a new age of threats that calls for next-level solutions, one aspect that remains constant is the importance of empowering the workforce to become assets that strengthen enterprise security.
Despite being an old strategy, social engineering techniques persist to this day because of its ability to turn a reckless click into profit for attackers. This year, we observed spam campaigns targeting unwitting recipients in an organization. They used different lures to download a malicious attachment or click on a bad link that leads to a ransomware infection, and even send sensitive enterprise documents, and even millions of dollars to an unknown account—a tactic employed by Business Email Compromise schemes.
As the success of these attacks are largely anchored on the effectivity of email messages to feign its legitimacy and convincing members of the workforce to become unknowing accomplices, it is important to drive information on how employees can sift through legitimate messages and those that are malicious.
Encourage employees to take an active role in keeping the organization’s network safe and secure by alerting, and even freely admitting lapses and mistakes to the IT security team of signs that could indicate compromise. Training employees against known social engineering attacks and treating them as partners in combating cybercrime will tremendously help bolster the enterprise’ arsenal of defenses in 2017 and beyond.
Like it? Add this infographic to your site: 1. Click on the box below. 2. Press Ctrl+A to select all. 3. Press Ctrl+C to copy. 4. Paste the code into your page (Ctrl+V).