2016 was the year of extortion, as ransomware was king, and a major challenge to cyber security. Use of ransomware code jumped 400% between January and September.
We are already into February, and trends are already being reported by the big-name vendors, like Trend Micro. Ransomware is expected to go up by another 25%. Business Email Compromise (BEC) shall grow. Well planned and targeted attacks ae being launched on devices that IT has the least invested in, like tablets and phones. Adobe and Apple vulnerabilities are being discovered at an increasing rate, and their public announcement is undermining the user community that thinks that Apple products are better than Windows based products. Adobe is publicly reporting more vulnerabilities than Microsoft, putting them in the same place as Apple.
Webcams designed to be a part of a security framework are being hacked. The European Union is requiring companies to hire a data protection organization (DPO) or have one internally, but the end of 2016 showed that less than half of all enterprises had one.
Despite the best efforts of folks like TNT and internal IT departments, businesses haven’t adopted a strategy to meet these threats, head on. Our recommendations remain:
- Advanced anti-malware (beyond blacklisting)
- Antispam and antiphishing at the Web and messaging gateways
- Web reputation
- Breach detection systems
- Application control (whitelisting)
- Content filtering
- Vulnerability shielding
- Mobile app reputation
- Host- and network-based intrusion prevention
- Host-based firewall protection
The criminals are getting more targeted and sophisticated with their tactics. They are using social engineering to impersonate bosses, vendors, and clients in order to trick end users into clicking on malicious links and attachments.
Along with the recommendations mentioned above, security experts across the spectrum say businesses are not doing nearly enough employee training to help increase cyber security.
The Network team is hosting an informal, educational workshop Thursday, March 2, 2017 from 4:30 PM - 6:30PM to discuss cyber security. The event includes free drinks, appetizers and time to network as well as the workshop. Seating is limited to 20 participants. Click on the link below to learn more and register.
Post by: Jeff Gaura, President