The one certainty this year has been the unabated flow of cyber attacks.
According to Hackmageddon, which collects infosecurity statistics, there have been 50 such attacks between Jan 1 and 15 2018, compared to 38 in the same period last year.
Depending on which security site, vendor or research one reads, the point is not the number of attacks, but that the attack trend is only going up, up and up.
Clearly chief security officers in 2018 will have to step up with their network protection and malware prevention and detection activities. They should be looking out for ransomware attacks which will be more pronounced this year.
More attacks year can also be expected on the Internet of Things, as millions of devices get connected together. Systems surrounding crypto currencies and blockchains will also not be spared.
At risk too are supply chains of large companies, said Roman Kovac, chief research officer of security firm Eset.
“The chain is as strong as its weakest link. Attackers are trying to use the weakest element in the organisation’s supply network to infiltrate larger companies,” he explained.
Smaller companies which populate the supply chains, he said, usually have rudimentary online security measures which can be easily breached, giving attackers a chance to use them as a conduit to the networks of larger companies where there are more valuable digital assets to steal like personal details of consumers.
There are no simple solutions to this challenge. What is important, he said, is that organisations must “monitor their suppliers and software” so that they are more aware of their risks.
Another way attackers can breach security is through new vulnerabilities made public by whistle blowers who have had illegal access to top secret files from organisations like the National Security Agency of the United States.
These vulnerabilities highlight weaknesses or tools that can be exploited or used to gain access to confidential information or important networks.
Eset’s malware detection engineers are testing thousands of samples of information which can be software, executable files, Web links or different types of data sets, then classifying them into malicious and clean or harmless files. Protection against new forms of malware are designed and then shared with its customers, said Kovac.
Other researchers in Eset’s laboratory look at the entire attack process to understand how a malware launches the attack, how the malware was created, distributed, its targets and how the stolen information is used.
Lessons gleaned from this process allow Eset to understand better new cyber threats which can be shared with industry partners and customers.
Kovac’s advice to companies is that there is no simple solution to cyber threats. Staying vigilant is important but equally crucial is that organisations must be ready with remedial action when they are attacked so that they can recover quickly to prevent greater information or revenue loss.
