Story image

Opportunistic cyber attacks most dangerous, says SecureWorks report

17 Feb 2017

SecureWorks’ latest security report shows that there is a way for organisations to fight back against opportunistic cyber attacks. And what’s more, the security industry hasn’t served in the best interests of those it is trying to protect.

The company released its 2017 Cybersecurity Threat Insight Report Leaders: Partnering to Fight Cybercrime this month.

“In essence, the industry has not served the best interests of the organisations it promised to protect. Somewhere along the way—as is true in many other industries— serving customers simply became strong security postures. But none of the layers were ever removed, and the supporting resources to implement processes to tune, monitor and action the output of those technologies was often absent,” the report says.

The report shows that opportunistic attacks account for 88% of all attacks, while targeted threats account for 12%. The company says organisations are putting too much emphasis on advanced threats, when instead there is more risk in commodity threats.

Ransomware also plays a major role in the report, with an average 75% monthly increase in ransomware attacks. There is no specific vertical being targeted, so all organisations should plan for ransomware prevention and response.

“Based on the lessons identified during recent incident response scenarios, actions such as rights minimization, response planning, user education and frequent, segregated backups would have had the most significant defensive impact,” the report says.

It also goes on to state that organisations put too much trust in partners’ and affilliates’ security operations. This is dangerous because there should not be any assumption that third party security is as robust as the organisation’s own strategies.

A Bomgar report found that 92% of respondents trusted vendors completely or most of the time, and 67% saying they trust vendors too much.

“With the rise of breaches attributed to third parties, organisations need to start focusing on the selection and governance of these partnerships, rather than blindly trusting their partners’ security controls. Developing focused and structured relationships will help manage these risks,” the report says.

The company believes organisations must take a strategic approach to security, including characteristics such as:

  • A risk-based strategy formed from identifiable risks
  • A pragmatic strategy that prioritises actions that reduce the greatest risk first
  • Don’t put compliance first: Focus on security, and compliance will follow. It doesn’t work the other way around
  • Put people and processes before tools and technology. Building a culture of security is a difficult task, but inviting people from finance, HR, legal and other areas to discussions can help sell security to the rest of the organisation.
Oracle updates enterprise blockchain platform
Oracle’s enterprise blockchain has been updated to include more capabilities to enhance development, integration, and deployment of customers’ new blockchain applications.
Used device market held back by lack of data security regulations
Mobile device users are sceptical about trading in their old device because they are concerned that data on those devices may be accessed or compromised after they hand it over.
Gartner names ExtraHop leader in network performance monitoring
ExtraHop provides enterprise cyber analytics that deliver security and performance from the inside out.
Symantec acquires zero trust innovator Luminate Security
Luminate’s Secure Access Cloud is supposedly natively constructed for a cloud-oriented, perimeter-less world.
Palo Alto releases new, feature-rich firewall
Palo Alto is calling it the ‘fastest-ever next-generation firewall’ with integrated cloud-based DNS Security service to stop attacks.
The right to be forgotten online could soon be forgotten
Despite bolstering free speech and access to information, the internet can be a double-edged sword, because that access to information goes both ways.
Opinion: 4 Ransomware trends to watch in 2019
Recorded Future's Allan Liska looks at the past big ransomware attacks thus far to predict what's coming this year.
Red Box gains compliance boost with new partnership
By partnering with Global Relay, voice platform provider Red Box is improving the security of its offerings for high-value and risk voice data.