"A collapse in the value of cryptocurrencies has made ransomware less profitable, prompting people to find other ways of making revenue from compromises," said Luke Jennings, chief research officer at Countercept, a subsidiary of Finnish cyber-security major F-Secure.
The nature of the incidents and the involvement of organised crime in cyber-crime remain largely unchanged, but people have started to figure out new ways to monetise the data breaches they execute, he observed.
"Lots of companies have things of value for attackers. From our perspective, we see companies at risk of being compromised because of that. As long as that stays the case, there will always be a need for preventive, detection and response controls."
Reputation is the biggest concern for companies and often the greatest casualty in the event of a breach, Jennings pointed out. "No one wants to wake up reading the headlines that you have been breached and all your customer data has been compromised."
Also, the damage depends on the scale of operations of the target. "In the case of large factories or oil refineries, the amount of money lost per hour (of disruption) is huge," he said. The bigger you are, the higher the chances of a preventive control failing.
Having a good detection and response function becomes crucial here, because there is a limit to preventive measures, he said. "When the first instance of compromise is detected, you can figure out strategies of pushing back and significantly reduce its impact. That’s one of the areas where people traditionally have been failing."
Classic advice, such as maintaining modern, well-patched software, limiting the scope of legacy equipment and using multi-factor authentication, still applies when taking defensive steps. Education is an issue when it comes to weak behaviour from those operating the system, he said. "If people realise the consequences of their actions, then yes, they might take different decisions."
Smart devices in critical infrastructure become a point of breach because of the way they are used as well as their inherent vulnerabilities, said Mikko Hyppönen, chief research officer at F-Secure Labs. "Most of the IoT and ICS (industrial control system) devices are much more secure, if you configure them correctly," he said.
The crucial step is to segregate your critical assets from everything else as much as possible, said Jennings. "Knowing your crown jewels and understanding the worst-case scenario makes it much easier to protect them."