Verizon’s latest Data Breach Investigations Report, announced last month, makes for some sobering reading for infosecurity professionals and business leaders alike.
Analysis of a staggering 41,686 security incidents over the past year finds that cyber-criminals are diversifying, with threats directly targeting the C-suite, utilising web applications, and continuing to leverage devastating ransomware. In 2019, the threat of a data breach is higher than ever, and changing tactics on the part of the criminals require a new way of defending on the part of businesses.
As this year progresses, we are going to see a shift in the delivery mechanism of threats, moving away from corporate attacks and towards individual, personal attacks. We'll see social media accounts becoming an entry point for threats, and fewer threats delivered through email infiltration. Hackers will target the social accounts of people who work for or influence an organisation.
As a society we have become more susceptible to social threats as we have developed a Pavlovian response to, and dependency on, the electronic social format, along with a craving for instant gratification. Our desires diminish our scepticism, increasing the likelihood of us clicking or accepting a request for action.
This is further compounded as we integrate more and more of our social networks, which in turn leaves us as open to social manipulation, through subversion, as our weakest social platform.
For sophisticated hackers, we'll see a trend that moves away from immediate financial gain and towards housing social data that will be leveraged for social engineering or other social media organisations to generate "fake news" or other elements of "fake advertising". For the hacker this move provides two distinct benefits. Firstly, it can take place far more easily without anyone discovering that it has taken place.
Secondly, it breaks any direct link between them and the authority that would be seeking them. Going after a bank account or demanding payment to recover data requires them to become known and leaves, to some degree, an electronic paper trail that could lead to their prosecution.
But what can be done on the part of the business to defend against these threats?
Businesses should diversify: separate and segregate. By dividing data and services within the business, and not keeping everything in one place, you alleviate the complexity in reporting, management and recovery should your organisation be compromised.
Importantly, don't rely on just one security vendor to give you all the tools to keep your business secure. Organisations will benefit more from choosing vendors whose security solutions co-exist with and co-support the other audit and security platforms deployed across the business, for that necessary holistic view.
No organisation can guarantee it has a 100 percent foolproof security plan in place to protect against emerging threats. However, organisations can take more proactive measures to decrease their vulnerability. To do this, organisations need to initiate a behavioural change from the top down through education, policy and the solutions deployed across the business. If your security teams don't understand what is happening across the infrastructure, they won't see when there's a problem.
Educate teams on a threat and what the call to action should be. Be aware of your patch posture and ensure you have a holistic view of your data centre that gives you timely information to secure your environment. And steer teams in the right way with technology, such as a good policy management practice. Remember, when looking at a potential breach, don't confuse quantity with quality. One bad piece of malware is worse than a handful of threats.
Contributed by Colin Truran, principal technology strategist at Quest.
*Note: The views expressed in this blog are those of the author and do not necessarily reflect the views of SC Media UK or Haymarket Media.