2014 will be remembered as the year in which the cyber-threat landscape changed. Gone were the days when hackers launched random attacks against businesses in the vague hope that they might strike lucky. Instead they turned their attention to targeted cyber-attacks against prominent retailers where the pickings were potentially rich. Successful mega-breaches/intrusions against retailers like Target and Home Depot saw over 100 million combined customer credit cards compromised. But if 2014 was the year of the targeted cyber-attack, what is the security industry predicting for 2015? Well, more of the same, it appears.
Last week’s report by security intelligence organisation, TrendLabs, entitled ‘The Invisible Becomes Visible’ outlined their industry predictions on what the security landscape will look like in 2015, and where the greatest threats to security would come from. Unsurprisingly, given the hackers’ successes this year, targeted cyber-attacks featured prominently. The report’s findings did not surprise Joe Caruso, founder and CEO/CTO of New York-based cyber security solutions provider, Global Digital Forensics (GDF): if a strategy is successful, why change it? Speaking to PR Web in New York he said:
“Hackers have so many things working in their favour, from anonymous currencies and “Dark Web” sites which allow them an easy way to turn stolen information into real cash, to the nightmare it is to not only find them, but to have any real success in prosecution and recovery due to the global nature of the problem and the tangled mess of foreign jurisdiction,” he said.
“It simply makes the risk versus return quotient too enticing to resist, and it’s businesses that will end up on the hook to pay the piper in the end. But that doesn’t mean businesses have to just take it lying down, they can fight back. The key is tipping the odds back in their favour with a vigorous commitment to information security,” he added.
He said that attackers will always target the areas that deliver the greatest rewards, and will continue to do so until action is taken to plug up the vulnerability:
“The NFL has nothing on hackers when it comes to being a copycat league. When something works well, more and more hackers will try to exploit it until it gets stopped, whether it’s hijacking data by encrypting it and holding on to the key until a ransom is paid (ransomware), or the monumental successes they’ve had by using RAM scrapers to pilfer credit card information right at the point of sale from right under the noses of some of the biggest retailers in the world. Then of course there are the old favourites which are still devastatingly effective: social engineering like targeted spear phishing campaigns, using a third party like a vendor to gain network access or watering hole attacks that can help them exploit specific industries or organisations. It’s all on the table and businesses better come to grips with those realities in a hurry if they want to survive and thrive in today’s digital world,” Caruso warned.
However, he also argued that the cyber threat landscape is not a static one. It is evolving every day, and it is incumbent on companies to get the security basics right if they are to fight the good fight effectively. His point is simple: get the right help before it’s too late:
“New exploits are constantly discovered, cybercrime rings seem to be continuously popping up in countries not even on the threat radar a few years ago, and the technologies businesses use are always in flux. Just think about the proliferation of smartphones and tablets over the last couple of years as the BYOD (Bring Your Own Device) phenomenon exploded, and now the “Internet of Things” is creeping into the picture too. Just about every digital convenience businesses turn to in order to make employees more productive opens new threat vectors, making life easier for attackers as well. But there are some constants in the world of cyber threats too; hackers typically like the path of least resistance, and the human element will always be the weakest link in the security chain. And that’s what makes covering the fundamentals of cyber security so important. Getting a good handle on the basics alone will help a company thwart over 95 per cent of the threats out there, and that’s what we help new clients do every day, improve their cyber security posture from the ground up.”
If you are concerned about the escalating security challenges and risk management issues facing your business today and would like to take precautions, then why not speak to Krypsys? Krypsys’ services are focused on helping your business assess its security posture against current and evolving security threats and educating you on the risks to which you are exposed. We have a wealth of experience in security projects in both the public and private sectors and have worked with organisations to protect high value information assets such as trading platforms, e-commerce systems, data-centres and cloud services. We also work with leading IT security vendors and specialist consultancies to close the gaps in your own IT security strategy and to assist in streamlining and prioritising your risk management spending.
Whether you’re looking for help with penetration testing and security reviews, or are looking for advice on security compliance and web security solutions, Krypsys can help you. For more information on web security solutions, please contact Krypsys on 01273 044072 or [email protected].