Global enterprises in 2016 experienced increasingly numerous, varied and sophisticated security threats. When it comes to ICT, which is how most of today’s organizations operate, the potential risks of attack are enormous. Attacks on integrated mobile devices, apps and network hardware and software can threaten not just data protection, financial stability and company reputation, but even health and safety.
I’ve taken a more detailed look at some current attack types to be aware of in 2017, the risks they pose and, most importantly, what can be done about them.
Ransomware
Ransomware has grown massively over the past year. Some forms of ransomware systematically encrypt files on the system's hard drive, which become difficult or impossible to decrypt without paying for the encryption key – while some may simply lock the system and display messages harassing the user into paying. This can lead to not just large financial losses but massive clean-up operations.
Slow Drip DDoS Attacks
Not only are DNS attacks steadily increasing, but there is also a massive rise in new threats such as ‘Slow Drip’ DDoS attacks. This attack makes a victim’s domains appear inaccessible by flooding its DNS infrastructure with maliciously crafted lookup requests that cannot be resolved, consuming network, bandwidth and storage resources. Not only can cyber-criminals gain access to confidential data, but they can also tie up network connections and cause time-outs, resulting in loss of internet service and an increase in customer complaints.
Malvertising
Malvertising is still a fairly new concept, but one that is highly attractive to attackers because it can easily, quickly and silently spread malware across a large number of legitimate websites, without requiring any user action and without directly compromising those sites. Malware-laden ads are injected into high-profile and reputable websites and are then seen by millions of users, even the most cautious. This could be the most deadly attack of them all, and it is growing rapidly.
What Can Be Done: a Multi-Layered Approach
These threats are quickly becoming household names, with security risks plastered across social and media channels. A breach can no longer just be swept under the carpet and disguised to consumers and clients, so what can organizations do to protect themselves?
Simply implementing more firewalls just isn’t going to cut it today. As threats have become more advanced, cunning and aggressive, security technology has had to evolve to combat these issues. An aggressive, multi-layered and proactive stance is required.
This isn’t to say that the basic levels of security aren’t still valuable, but they just aren’t enough by themselves. Security today should be a collaborative effort, and what will be key is layered security software in which each layer learns and adapts from the others.
However, even these solutions still require a classification step to determine whether a threat is really friend or foe. This takes time that enterprises can ill afford, so what about the truly nasty stuff that aggressively attacks networks quickly and ruthlessly? For this, security platforms need to take a paranoid stance and start to look at pure network activity patterns, baselining every user, server, switch and light bulb to learn what ‘normal’ is, and proactively monitoring for any traffic that stands out as abnormal. Once a threatening activity is detected, the threat can be isolated from the network and administrators can investigate whether it is genuine.
Taking this one step further, teaming these User Behavior Analytics (UBA) systems with a software-defined networking solution allows the system to move a suspected threat instantly to an isolated network location, where some productivity can continue without access to the rest of the network. This helps to lower the impact of false positives.
Creating these layers of intelligence, from basic malware and antivirus protection through to UBA, is the only way to confront an ever more complex and innovative threat landscape and develop a robust threat mitigation solution. Here are some examples of how this can work in reality:
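As an added illustration of the baseline-then-flag approach described above (example code written for this page, not from the original article or any product it mentions), the Python below learns per-client DNS behaviour from a constructed ‘normal’ log and then flags clients whose NXDOMAIN ratio or churn of distinct subdomain labels stands out from that baseline, the pattern a slow drip DNS flood leaves in resolver logs. The log lines, client addresses and domain names are all constructed for the example; the flagged list is what an SDN quarantine step would act on.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed resolver log lines in the form "client,qname,rcode" (not real traffic).
BASELINE_LOG = [
    "10.0.0.5,www.example.com,NOERROR", "10.0.0.5,mail.example.com,NOERROR",
    "10.0.0.5,www.example.com,NOERROR", "10.0.0.5,cdn.example.net,NOERROR",
    "10.0.0.6,www.example.com,NOERROR", "10.0.0.6,www.example.com,NOERROR",
    "10.0.0.6,www.example.com,NOERROR", "10.0.0.6,typo.example.com,NXDOMAIN",
    "10.0.0.7,api.example.com,NOERROR", "10.0.0.7,api.example.com,NOERROR",
    "10.0.0.7,api.example.com,NOERROR", "10.0.0.7,api.example.com,NOERROR",
    "10.0.0.7,www.example.com,NOERROR", "10.0.0.8,www.example.com,NOERROR",
    "10.0.0.8,www.example.com,NOERROR", "10.0.0.8,mail.example.com,NOERROR",
    "10.0.0.8,oops.example.com,NXDOMAIN",
]
# Live window: one normal client plus one host emitting random, unresolvable names.
LIVE_LOG = BASELINE_LOG[:4] + [
    f"10.0.0.9,{label}.victim.example,NXDOMAIN"
    for label in ("q7x1", "k2pz", "a9mm", "vv03", "t8yq", "zz41", "b5rr", "n0ce")
]

def client_features(lines):
    """Per client: (query count, NXDOMAIN ratio, ratio of distinct leftmost labels)."""
    count, nx, labels = defaultdict(int), defaultdict(int), defaultdict(set)
    for line in lines:
        client, qname, rcode = line.strip().split(",")
        count[client] += 1
        if rcode == "NXDOMAIN":
            nx[client] += 1
        labels[client].add(qname.split(".")[0])
    return {c: (count[c], nx[c] / count[c], len(labels[c]) / count[c]) for c in count}

def learn_baseline(lines):
    """Mean and standard deviation of each ratio across the 'normal' population."""
    feats = list(client_features(lines).values())
    nx_ratios, label_ratios = [f[1] for f in feats], [f[2] for f in feats]
    return [(mean(nx_ratios), pstdev(nx_ratios)), (mean(label_ratios), pstdev(label_ratios))]

def flag_anomalies(baseline, lines, threshold=3.0, min_queries=4):
    """Return {client: reasons} for clients sitting more than `threshold` standard
    deviations above the baseline; clients with too few queries are skipped because
    their ratios are too noisy to judge (a cheap guard against false positives)."""
    flagged, names = {}, ("nxdomain_ratio", "unique_label_ratio")
    for client, (count, *ratios) in client_features(lines).items():
        if count < min_queries:
            continue
        reasons = []
        for name, value, (mu, sigma) in zip(names, ratios, baseline):
            z = (value - mu) / max(sigma, 1e-6)  # floor avoids division by zero
            if z > threshold:
                reasons.append(f"{name}={value:.2f} (z={z:.1f})")
        if reasons:
            flagged[client] = reasons
    return flagged
```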
Firewalls, Malware Protection and Intrusion Systems
Older browser versions can pose a particular hazard, because the browser is the first line of defense against malicious websites. However, various tools are available that can whitelist good sites and block bad ones. Users can install anti-virus software that removes malicious software from their systems, use ad-blocking software to avoid downloading malware contained in ads, and choose browsers that can alert them to malvertising campaigns. You don’t just want firewalls in place; you need malware protection and intrusion protection systems as well.
Patching, Data Protection and Recovery Processes
Protecting against ransomware isn’t only possible; it is potentially easier than protecting against other strains of malware. Preventing vulnerabilities from being exploited is an essential way to stop attacks from succeeding, so it is key to speed up the patching and remediation process. At the same time, putting better data protection, backup and recovery approaches in place not only prevents incidents from disrupting everyday activity, it can also make the clean-up process much easier.
Vulnerability Management and Security Education
Preventing vulnerabilities is also key to protecting from social engineering attacks – but no single software tool will protect everyone all the time, so again building security in layers is important. These layers can include new technology to quarantine suspected spam and phishing emails, and regular patching and updates to ensure software is as secure as it can be – as well as education and training for staff.
Risk Modelling Technology
Finally, another measure is to introduce risk modelling technology: a security discipline that takes an exact model of your network, good and bad, and puts it under constant pressure to find the points where an attack could succeed as fast as possible.
It’s all about staying on top of the increasingly numerous, varied and sophisticated threats, and making sure your systems are equipped to prevent, respond to and recover from those attacks. Businesses need to be constantly questioning themselves in every way possible – and this is where software makes it easy to build solutions that incorporate interoperable technologies designed for today’s needs, with an eye on tomorrow’s, to help create a unified security platform.