As information security professionals approach the finish line of another year, it’s fair to say the past 12 months have once again been packed with incident.
Cybercrime is no respecter of international borders and doesn’t usually conform to neat 12 month cycles. Taking stock of the biggest trends and stories over the year, however, can be a useful discipline in helping to drive a more strategic way of thinking going forward.
So, what have we learned from 2018?
Email still the number one vector
Email continues to be the number one threat vector this year, accounting for over 80 percent of threats spotted in the wild, according to most estimates. They deliver phishing attempts, business email compromise (BEC) scams, cryptomining malware, ransomware and much more.
Over a third of global organisations Barracuda interviewed for its Email Security Trends 2018 report said they’d experienced a phishing attack. That’s bad news when you consider that 93 percent of all breaches analysed by Verizon featured a phishing element.
Mitigating the risk requires a blend of the technical — including AI-powered tools to better spot anomalies — with the human aspect of cybersecurity. Unfortunately, it’s the latter where firms often still fall down.
Organisations need customisable tools that can help employees spot suspicious emails, voicemails, calls and texts. Combined with a renewed focus on more progressive approaches to staff training, organisations can begin to fight back.
Cloud security awareness rises … slowly
Another thing we learnt this year is that organisations are starting to become more cloud aware, but things are moving at a glacial pace. Recent Barracuda research revealed that although the vast majority of Australian respondents believe cloud security is a shared responsibility, over half claim their on-premise security is better than that offered in the cloud.
It doesn’t need to be this way. The tools exist today to make cloud deployments just as, if not more, secure. Yet according to the survey, just over a third have deployed next-gen firewalls.
As organisations increasingly shift to hybrid cloud environments, microservices and agile DevOps methodologies, they’ll need to “shift left” with security, building it earlier into the app development lifecycle. That means continuous scanning of images pre-deployment as well as run-time protection.
Supply chain risk
Many new innovations transformed the supply chain industry this year, from driverless vehicles and drones improving transportation and delivery; to chatbots enabling orders and returns; and more. These innovations also increase the risk of security vulnerabilities, with more access points for potential cyberattacks – and cybercriminals are finding them.
According to a 2017 threat report from the Australian Cyber Security Centre (ACSC), sophisticated cyber activity against third parties in a supply chain has increased. The extent of the threat is largely dependent on the relationship between the outsourced provider and customer, in particular the extent of the provider’s access to client networks and databases.
The bottom line is that suppliers and partners expose your organisation to huge extra risk. The NotPetya ransomware attack last year demonstrated the damage cyberattacks can inflict on supply chains. Organisations need to do better if they want to stay ahead of the bad guys and on the right side of regulators in 2019.
Counting the cost of ransomware
Despite reports claiming cybercriminals are eschewing ransomware in favour of easier ways to make money by cryptomining this year, it remained a threat for many organisations.
The percentage of Australian businesses hit by ransomware attacks reached its highest point in three years, according to Telstra’s annual security report. The report claims local companies are targeted more than offshore peers due to Australia’s wealthy economy. It also revealed that of the three quarters of Australian businesses that were hit by a ransomware attack, 47 percent paid the ransom.
From a global perspective, the FBI’s most recent Internet Crime Report claims that ransomware contributed to US$1.4 billion in losses last year.
Sometimes you can do everything right in your approach to security and still have something ugly happen — like have your data lost or held for ransom. That’s why there’s one important step you should take to mitigate the risk of data loss. Protect it.
Implement a data protection strategy that not only includes a backup plan, but one that allows for easy recovery as well. Not only will you greatly reduce the attack probability, you’ll have the ability to remediate and quickly recover in the event of exposure.
Regulations start here
Last but not least, it’s been another year of major data breaches and leaks: from the Facebook Cambridge Analytica scandal to Cathay Pacific and Marriott International.
A new development has been the development of several attack campaigns run by groups using the Magecart digital skimming code to strip card details from sites as soon as they are entered. Hundreds of e-commerce firms have been hit, either directly like British Airways, or via third party suppliers like Ticketmaster’s Inbenta Technologies.
IBM research conducted by the Ponemon Institute claims the average cost of a data breach now stands at around US$3.9m, an increase of over six percent from 2017. However, this figure could soon be out of date as regulations like Australia’s Notifiable Data Breaches (NDB) and the EU General Data Protection Regulation (GDPR) schemes kick in.
What happens next could precipitate a sharp increase in compliance spending in 2019.
About the author
Mark Lukie is a senior sales engineer for Australia and New Zealand at Barracuda Networks. He has over 16 years’ experience in networking, security, backup/disaster recovery, public cloud platforms, as well as systems integration. For more information, visit: https://www.barracuda.com/