Opinion / 30 December 2019, 6:00pm / John Mc Loughlin
CAPE TOWN – The dialogue has already changed drastically from security products and services to new innovations being used by cyber criminals. To prevent being the next victim, one needs to become part of this narrative.
Regardless of what defensive measures security experts put in place, attackers are always capable of circumventing them. There is no company too big or too small to fall victim to a cybercrime and there is no industry that is immune to attack. There is always someone trying to steal company data.
Cyber criminals are constantly infiltrating networks and accessing large volumes of data, putting millions of people at risk. The threats are real and the attackers are ready to attack. However, something stands between them and their prize.
Understanding typical threats and how they have evolved over time, and also which tactics are most likely to be used, can help business leaders manage the risks more effectively and efficiently.
Valuable data migrates as companies move to more affordable cloud-based solutions, and cybercriminals simply shift their focus and change their tactics to find and steal the most valuable data. As a result, there has been a corresponding increase in the hacking of cloud-based email accounts using stolen credentials.
It does not mean cloud-based services are less secure; often they are simply not correctly configured to provide resilience to attack. Phishing attacks, credential theft and configuration errors are merely a by-product of this transition process.
Global spending on cybersecurity for 2019 will be in excess of USD $100-billion, according to International Data Corporation (IDC). This is an increase of 9.4% over 2018 and it will continue to grow exponentially with new ransomware attacks occurring nearly every 14 seconds.
The security landscape is changing rapidly and companies are struggling to maintain their own in-house security solutions and staff. As a result, they are turning to managed security service providers (MSSPs) to provide a range of security services including predictive threat intelligence and advanced detection.
They really need expert assistance; it is crucial to overcoming the security challenges of today as well as preparing them for future attacks. IT decision makers really need to understand the scope and direction of security-related spending today and over the next five years.
Cybersecurity experts may feel attackers are outpacing efforts to stop them, but they have several powerful tools to deploy. The most important defense is knowledge, insight and understanding of the threats they face. Business leaders can take crucial steps to mitigate them and MSSPs can play an important role in providing up-to-date knowledge.
Most security breaches are a result of poor hygiene and a lack of attention to detail. Companies must clean up human error as far as possible and then, more importantly, establish an asset and security baseline around internet-facing assets like web servers and cloud services.
Sophisticated code can now capture data entered into web forms, so businesses need to consider adding file integrity monitoring on payment sites. They should also apply patches to operating systems and payment application code.
Security staff should also track insider behaviour by monitoring usage and logging access to sensitive data. They must also make it very clear to all personnel that it is easy to identify fraudulent transactions.
Companies must use strong authentication on all customer-facing applications, any remote access and cloud-based email. Multi-factor authentication (MFA) is an extra layer of security, so companies should use it.
Finally, social engineering attacks are effective ways to capture personal information, so companies should monitor all email for links and executables. Also, teach staff how to identify attacks and reward your users for reporting phishing and fraud. If your trusted people do not know what they need to look out for, how can we expect them to know?
John Mc Loughlin is a cybersecurity expert and chief executive of J2 Software.