The recent findings of the Sophos 2019 Threat Report highlighted how cybercriminals are stepping up their game and are outsmarting and overpowering traditional antivirus or endpoint security solutions. Unfortunately, many Filipino organizations today still think that these suffice as cybersecurity measures. However, these are only equipped to block known threats and can only play catch up with the speed and creativity of ransomware today. An independent global research study commissioned by Sophos actually found that over three quarters (77%) of ransomware victims were actually running up-to-date endpoint security when they were attacked.[1]
In what ways are cybercriminals today more dangerous? The Sophos 2019 Threat Report found the following three emerging cybercriminal behaviors and attacks:
- Cybercriminals are now taking time to get to know you. They are going beyond ‘spray and pray’ style attacks that are automatically distributed through millions of emails, and turning to premeditated and targeted ransomware attacks.These are more damaging than if delivered from a bot, as human attackers can find and stake out victims, think laterally, trouble shoot to overcome roadblocks, and wipe out back-ups so the ransom must be paid.
- They are using your own admin tools against you. They are using Advanced Persistent Threat (APT) techniques to advance through your system and complete their mission – whether it is to steal sensitive information off the server or drop ransomware. In addition, lateral distribution on corporate networks allows cybercriminals to quickly infect multiple machines, increasing payouts to the hacker and heavy costs to victims.
- They are going beyond organizations’ infrastructures and following victims home by unleashing mobile and IoT malware.With illegal Android apps on the increase, 2018 has seen an increased focus in malware being pushed to phones, tablets and other Internet of Things devices. As homes and businesses adopt more internet-connected devices, criminals have been devising new ways to hijack those devices to use as nodes in huge botnet attacks.
To help you stay ahead of these new threats, Sophos has the following recommended cybersecurity New Year’s resolutions for your organization:
1. Implement multi-layered security. This will protect your organization from multiple frontlines. As attackers today become increasingly sophisticated, they use multiple techniques and points of entry to bypass defenses and evade detection. This drives the need for securing not just endpoints such as workstations, laptops, and mobile devices, but also organizations’ networks and firewalls.
While the time, cost and complexity of implementing additional layers of technology can be overwhelming, synchronized security simplifies things and enables defenses to work together as a system to be more coordinated than the attackers. In today’s world of constant and changing cyber-threats, having endpoint and network products communicating with each other and sharing intelligence is more important than ever. Aside from removing the headache of having to deal with multiple endpoint agents, multiple management consoles, and multiple security vendors, this also makes more effective, while making the financial cost of security to the organization easier to manage.
2. Predictive protection is the future of IT security. It allows organizations to protect against the next unknown attack instead of waiting for it to arrive, changing the way IT operations in every organization can protect their users and assets. Security solutions with predictive protection powered by deep learning neural-network algorithms make smarter and more scalable detection than endpoint solutions that use traditional machine learning or signature-based detection alone.
3. Stay on top of your patching, vulnerability scans, and penetration tests.. Security experts estimate that 90% of successful attacks against software vulnerabilities could be prevented with an existing patch or configuration setting.[2]
4. Maintain good password discipline and use multi-factor authentication. Passwords are at the frontline of cybersecurity and can provide a formidable barrier to targeted attacks. Explore creating unique and complex passphrases on your own or getting assistance from password managers. Fortify this barrier by making it a standard to enable multi-factor authentiation. When possible, use app-based options like Sophos Authenticator.
5. Establish cybersecurity protocols with your
team. Restrict RDP (remote desktop
protocol) access to staff connecting over a VPN (virtual public network). For
those unfamiliar, RDP allows organizations to outsource their IT to remote
system administrators. While it can be a helpful cost-effective measure for
organizations, it also has its own dangers. SamSam, a particularly sophisticated
and destructive ransomware known for its ability to put entire organizations
under siege, enters victims’ networks using exploits in internet-facing servers
or by brute-forcing RDP passwords. This is why RDP needs to be
highly-secured. In case a crook has been able to sneak in through an open RDP,
organizations can have another measure of protection if they have back-up files
that are kept offline and offsite.
[1] In late 2017, Sophos sponsored the “State of Endpoint Security Today” to gain a deeper understanding into the state of endpoint security in mid-sized organizations across the globe. This extensive research program explores key areas of development and concern: security breaches, technology usage, attitudes to threats, and future investment plans.
