Story image

Opportunistic cyber attacks most dangerous, says SecureWorks report

17 Feb 17

SecureWorks’ latest security report shows that there is a way for organisations to fight back against opportunistic cyber attacks. And what’s more, the security industry hasn’t served in the best interests of those it is trying to protect.

The company released its 2017 Cybersecurity Threat Insight Report Leaders: Partnering to Fight Cybercrime this month.

“In essence, the industry has not served the best interests of the organisations it promised to protect. Somewhere along the way—as is true in many other industries— serving customers simply became strong security postures. But none of the layers were ever removed, and the supporting resources to implement processes to tune, monitor and action the output of those technologies was often absent,” the report says.

The report shows that opportunistic attacks account for 88% of all attacks, while targeted threats account for 12%. The company says organisations are putting too much emphasis on advanced threats, when instead there is more risk in commodity threats.

Ransomware also plays a major role in the report, with an average 75% monthly increase in ransomware attacks. There is no specific vertical being targeted, so all organisations should plan for ransomware prevention and response.

“Based on the lessons identified during recent incident response scenarios, actions such as rights minimization, response planning, user education and frequent, segregated backups would have had the most significant defensive impact,” the report says.

It also goes on to state that organisations put too much trust in partners’ and affilliates’ security operations. This is dangerous because there should not be any assumption that third party security is as robust as the organisation’s own strategies.

A Bomgar report found that 92% of respondents trusted vendors completely or most of the time, and 67% saying they trust vendors too much.

“With the rise of breaches attributed to third parties, organisations need to start focusing on the selection and governance of these partnerships, rather than blindly trusting their partners’ security controls. Developing focused and structured relationships will help manage these risks,” the report says.

The company believes organisations must take a strategic approach to security, including characteristics such as:

  • A risk-based strategy formed from identifiable risks
  • A pragmatic strategy that prioritises actions that reduce the greatest risk first
  • Don’t put compliance first: Focus on security, and compliance will follow. It doesn’t work the other way around
  • Put people and processes before tools and technology. Building a culture of security is a difficult task, but inviting people from finance, HR, legal and other areas to discussions can help sell security to the rest of the organisation.
Cisco expands security capabilities of SD­-WAN portfolio
Until now, SD-­WAN solutions have forced IT to choose between application experience or security.
AlgoSec delivers native security management for Azure Firewall
AlgoSec’s new solution will allow a central management capability for Azure Firewall, Microsoft's new cloud-native firewall-as-a-service.
How to configure your firewall for maximum effectiveness
ManageEngine offers some firewall best practices that can help security admins handle the conundrum of speed vs security.
Exclusive: Why botnets will swarm IoT devices
“What if these nodes were able to make autonomous decisions with minimal supervision, use their collective intelligence to solve problems?”
Why you should leverage a next-gen firewall platform
Through full lifecycle-based threat detection and prevention, organisations are able to manage the entire threat lifecycle without adding additional solutions.
The quid pro quo in the IoT age
Consumer consciousness around data privacy, security and stewardship has increased tenfold in recent years, forcing businesses to make customer privacy a business imperative.
ForeScout acquires OT security company SecurityMatters for US$113mil
Recent cyberattacks, such as WannaCry, NotPetya and Triton, demonstrated how vulnerable OT networks can result in significant business disruption and financial loss.
Exclusive: Fileless malware driving uptake of behavioural analytics
Fileless malware often finds its way into organisations via web browsers (or in combination with other vectors such as infected USB drives).