More than 8,000 Indian websites were hacked in the first three months of 2016, according to a report given to Parliament by Communications and IT Minister Ravi Shankar Prasad. A total of 14,363 cyber crime incidents were reported up to March 2016, including phishing, malicious code, website intrusion, denial of service, scanning and more.
With the aim of promoting cyber security, the government has launched a malware analysis centre called the Cyber Swachhta Kendra (CSK). This is a good first step, but cyber security is too critical an area for a single stakeholder to drive it. Multiple stakeholders need to pitch in, including users. Organizations need to start preparing for what lies ahead. By examining current and emerging attack trends, you can put measures in place that will dramatically reduce your organisation’s chances of falling victim.
Here’s our take on the five key security trends for 2017:
When managing mobile, MDM is not enough
A study of smartphone users by Internet and Mobile Association of India and Times Internet Limited states that the number of mobile internet users in India had reached 371 million by June 2016, and is on track to cross 500 million users by 2017. As Internet penetration matures, so does the threat of cyber crimes.
Cybercriminals recognise that mobile devices are one of the easiest routes into corporate networks. In a Ponemon Institute study of IT security professionals at Global 2000 companies, 67% said it was certain that their organisation had experienced a data breach resulting from employees’ use of mobile devices for work and reported that a single mobile device malware infection costs an average of US$9,485 in losses and remediation. Comprehensive security for mobile devices and endpoints, therefore, must deal with challenges ranging from system vulnerabilities to root access and configuration changes, repackaged or fake apps to Trojans, malware and network attacks.
As such, a mobile device management (MDM) system, designed primarily to manage user permissions, is no longer enough.
Comprehensive mobile security management requires several building blocks. In particular, secure containers to prevent data leakage between business and personal applications hosted on the same device, and mobile threat prevention solutions, to protect against malicious app behaviors, are essential. The same known, unknown and even zero-day threats that threaten desktops and laptops now target mobile devices – they need to be protected with the same sophisticated security measures both when they leave the network, and when they are inside its perimeter.
Increasingly evasive malware, particularly ransomware
Malware is downloaded to corporate networks 971 times every hour, according to Check Point’s latest Security Report, from spam, targeted spear-phishing emails, infected websites and more. This is nine times more malware downloads than 12 months ago. This is happening for two key reasons. First, cybercriminals are becoming increasingly adept at ‘tweaking’ existing malware just enough for it to bypass the signature banks.
Second, some forms of malware, particularly ransomware, are initially injected into organizations via macros embedded in documents, small and innocuous enough to avoid detection, which then download the real ransomware payload once they have been activated on your network – making new ransomware a particularly insidious threat. In Check Point’s latest global threat index, the ‘Locky’ ransomware alone accounted for 6% of all malware attacks during September 2016. That’s over 40,000 organizations hit by ransomware.
Given this, businesses need to reinforce conventional antivirus products with more sophisticated techniques that block suspicious content based on its behavior and source, rather than looking for a threat that has already been recognized.
Adaptive security for the cloud
As cloud-based applications and services become an increasingly important part of many organisations’ IT ecosystems – a study of 500 companies by cloud host Rackspace found that on average, 43% of organisations’ IT estates are now in the cloud – securing corporate cloud environments is a key priority. In fact, security continues to top the list of challenges organizations face with cloud adoption, ranking above legal and regulatory compliance concerns as well as the risk of data loss.
Traffic patterns also change dramatically when businesses migrate applications and data to cloud environments. In virtualised or software-defined environments, up to 80% of network traffic travels internally between applications and various network sectors, and never actually crosses the network’s perimeter protections. As such, micro-segmentation, where different areas of the virtual network, workloads and applications are all logically grouped together and isolated from each other with internal security controls, is essential to protecting business-critical applications and data in cloud-based networks.
Threat prevention, not detection
Detecting threats after they’ve landed on your network is too late: you’ve already been compromised. It is therefore critical to stop infections from taking hold on networks in the first place. Next-generation threat prevention solutions can stop new, unknown malware using advanced sandboxing. This provides a safe environment outside your network that mimics an endpoint device and tests traffic, so that files containing malware are blocked before they enter the network.
Document sanitization solutions can also further reinforce defenses by removing active code, like malicious links and macros, from all incoming files.
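The sanitization step described above, as an added illustration that is not Check Point's code: a minimal content-disarm pass over a macro-enabled Word (OOXML) container that drops the VBA project part and its relationship, demotes the macro-enabled content type, and unwraps hyperlinks to their visible text. The sample document is constructed inline (with a placeholder where the VBA binary would be), so the script runs offline.

```python
import io
import re
import zipfile

# Added example (not Check Point code): a minimal content-disarm pass over an OOXML container that
# drops the VBA storage and its relationship, demotes the content type, and unwraps hyperlinks to text.
MACRO_PART = "word/vbaProject.bin"
MACRO_CT = "application/vnd.ms-word.document.macroEnabled.main+xml"
PLAIN_CT = "application/vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml"
ACTIVE_REL = re.compile(r'<Relationship\b[^>]*?Type="[^"]*/(?:vbaProject|hyperlink)"[^>]*?/>')
HYPERLINK = re.compile(r"<w:hyperlink\b[^>]*>(.*?)</w:hyperlink>", re.S)

def sanitize_ooxml(data: bytes) -> tuple[bytes, list[str]]:
    """Return (sanitized container bytes, list of actions taken)."""
    actions, out = [], io.BytesIO()
    with zipfile.ZipFile(io.BytesIO(data)) as src, zipfile.ZipFile(out, "w") as dst:
        for name in src.namelist():
            if name == MACRO_PART:                  # active code: drop the part outright
                actions.append(f"dropped {name}")
                continue
            blob = src.read(name)
            if name.endswith((".xml", ".rels")):    # every XML part gets the same pass
                text = blob.decode("utf-8")
                text, n_rel = ACTIVE_REL.subn("", text)     # sever macro/external-link rels
                text, n_link = HYPERLINK.subn(r"\1", text)  # keep link text, drop target
                text = text.replace(MACRO_CT, PLAIN_CT)     # demote to plain .docx type
                if n_rel or n_link:
                    actions.append(f"{name}: removed {n_rel} relationship(s), {n_link} hyperlink(s)")
                blob = text.encode("utf-8")
            dst.writestr(name, blob)
    return out.getvalue(), actions

def read_parts(data: bytes) -> dict[str, str]:   # decode every part as text for inspection
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        return {n: z.read(n).decode("utf-8", "replace") for n in z.namelist()}

def build_sample_docm() -> bytes:
    """Constructed macro-enabled document with one hyperlink (sample input, not a real file)."""
    parts = {
        "[Content_Types].xml": f'<Types><Override PartName="/word/document.xml" ContentType="{MACRO_CT}"/></Types>',
        "word/_rels/document.xml.rels": '<Relationships><Relationship Id="rId1" Type="http://schemas.microsoft.com/office/2006/relationships/vbaProject" Target="vbaProject.bin"/>'
            '<Relationship Id="rId2" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/hyperlink" Target="http://example.invalid/" TargetMode="External"/></Relationships>',
        "word/document.xml": '<w:document><w:body><w:p><w:hyperlink r:id="rId2"><w:r><w:t>Open invoice</w:t></w:r></w:hyperlink></w:p></w:body></w:document>',
        MACRO_PART: b"constructed placeholder, not a real VBA project",
    }
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for name, content in parts.items():
            z.writestr(name, content)
    return buf.getvalue()
```

Real documents carry more active parts (OLE objects, DDE fields, embedded scripts in other formats), so a production sanitizer enumerates the full relationship types list rather than this single pattern.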
A prevention, rather than detection, approach to security is particularly relevant to IoT devices, as highlighted by the recent large-scale DDoS attacks using infected IoT devices. Given the sheer number of non-IT devices on corporate networks, including cameras, printers and fax machines, a detection approach simply doesn’t provide the ability to secure a network effectively.
For example, a detection strategy could allow an infection to flow across the network from a device such as a smart TV, whereas a prevention approach provides greater protection to even the weakest spot in the enterprise security posture. So it’s critical to stop infections from happening in the first place.
Organisational awareness is critical
Enforcing data security measures and creating proactive security monitoring capabilities are vital for an organization. They help it maintain a lead over emerging threats and protect its financial, intellectual and customer-related information.
Many of the biggest, most damaging cyberattacks, begin with social engineering. Sophisticated spear phishing attacks can be extremely convincing, tricking employees into giving up login credentials or personal data. Armed with these legitimate credentials, cybercriminals can have a free run of much of the corporate network – all while leaving little to no sign of malicious activity.
This happens at all levels of organizations, with ‘whaling’ attacks against C-level executives on the rise. This type of attack recently cost a global manufacturer over $40 million. And while accidents and mistakes can never be eliminated entirely, regularly-updated employee education about social engineering tactics can dramatically reduce the risk of an attack being successful.
In conclusion, even though the pace of change in cyber security in India seems slow, the introduction of the Computer Emergency Response Team to track cyber crime is a good beginning. It makes clear that the Indian government has started to invest time and money in recruiting cyber security experts and in partnerships with top international cyber security firms.
Cybercriminals have a vast array of tools and tactics, as well as time on their side. For them, achieving their goals is just a numbers game – it won’t be long before they find a victim. By noting these key trends and taking steps to factor them into your cybersecurity planning, you can significantly reduce the risk of your organization becoming that victim.
By Bhaskar Bakthavatsalu, Managing Director, Check Point, India & SAARC