A look at today’s cybersecurity landscape
The cybersecurity landscape has a good news/bad news outlook. The good news, according to new research from CyberArk, is that the vast majority of IT professionals believe we’re making real progress in the cybersecurity battle. That feeling of confidence may come in part from the fact that three out of four IT pros say they are doing a good job at keeping hackers from breaking into the network.
However, businesses still struggling to put best practices in place when it comes to security. Areas such as privileged access, third-party vendors, and even the cloud have weak security oversight.
All of this makes companies vulnerable to hackers, who take advantage of every means possible to infiltrate networks and collect data. Take the Yahoo breach, for example. Although details about the hack that compromised more than 500 million records are still being investigated, it appeared that Yahoo’s executives made customer convenience a higher priority than security. Now, personal information including birth dates, addresses, passwords and even security questions and answers are among the compromised data that have been shared or sold.
In the current cybersecurity landscape, hackers use smartphones, tablets, and the many devices included in the Internet of Things as a way to spread malware. These devices don’t have security included in the hardware or software. All too often, security for these devices is ignored, either by not adding security tools or not creating security policies to cover the devices.
What are our biggest cybersecurity threats?
There may be no bigger threat to cybersecurity today than ransomware. Ransomware as an attack choice is skyrocketing, increasing more than 500 percent between 2015 and 2016. The attacks are evolving at the same time. The days of paying a couple hundred in bitcoins to release the encrypted data may soon be past. More frequently, hackers are only releasing part of the data upon payment and asking for more payments to release the rest. The attacks are becoming more targeted as well. The health care industry is currently the favorite target for the hackers, with reports of 20 data-loss incidents per day.
Ransomware has become such a problem that the FBI has released two separate public service announcements within the past three months. One is to warn against paying ransom, while recommending companies have good data backup and disaster recovery mechanisms in place so they don’t lose any down time or files. The second asks businesses to report any ransomware attacks to law enforcement immediately.
In addition to ransomware, there are a number of other cybersecurity threat vectors and problems for IT departments to be aware of and that we’ll be discussing in more depth in a series of articles. These threats include:
- Distributed denial of service (DDoS) attacks that overwhelm and take down websites
- Mobile malware, especially for Android
- Inside jobs that include both employee mistakes and malicious intent
- Social engineering, particularly with an uptick in spearphishing attacks and using social networking sites as an attack vector
How can I protect my network and data?
Good cybersecurity begins with an understanding of how to recognize security threats and the steps to take to avoid them. Understanding the cybersecurity landscape helps you see what types of threats are presenting the most risk today and how that will evolve into the risks of tomorrow. Training and education for employees will cut down on the accidental insider threat, as well as help your employees become more invested in protecting company data.
Your cybersecurity landscape is going to differ from your business neighbor’s, and depends on factors like company size, industry, and your employees’ security IQ. To protect your network and all of your data, a good place to start is with a Threat Sketch Risk Assessment, which can evaluate your company’s threat landscape and provide you with the information you need to make an accurate risk assessment. Once you understand where your risks are, you’ll be able to build a security system that best fits your needs.
About the author: Sue Poremba. Sue is a Central PA-based writer who has covered cybersecurity since 2008.