Top 5 Cyber Security Lessons for 2018
Top 5 Cyber Security Lessons for 2018
Before you start making your 2018 resolutions, it’s time to sit down with your last cup of eggnog and reflect on all that 2017 taught us in the cyber security world…
Spam is War
According to Symantec, spam is not only increasing rapidly, but more than half (54%) of all emails sent are spam. In addition to this, IBM estimates that the number of spam emails containing malicious attachments has quadrupled since 2008. This suggests that spam is still the number one vehicle for most malware and ransomware.
Traditionally, domains registered within 24 hours were trusted by default by most email gateways. The exploit of this was one of the trends we saw this year, with thousands of domains being registered with similar names to banks and government bodies, disseminating malicious emails within hours of being registered.
The biggest lesson we learnt in 2017 was that spam is no longer a product of lone hackers in their basements. This is a highly profitable, sophisticated industry that only seems to be growing. To stay ahead, we need to be constantly reviewing our default defences and adapting very quickly to the changing habits of phishing campaigners. In addition, user education needs to be a priority. Nearly all spam sent via email requires user co-operation to become a threat.
It has to be “Dual Factor”
Hackers are finding new ways to discover passwords every day. Brute force attacks, phishing, manual guessing, key loggers… the list goes on. Although we have implemented tools and controls to prevent these, it’s becoming an impossible task to guarantee password anonymity.
How do we mitigate this? Multi-Factor authentication. We’ve used 2FA from Duo security across our desktops and internet facing applications widely in 2017. In 2018 it is mandatory across our platform. Our aim is to make the password useless on its own to hackers.
Patch quickly! Patch with vigour…
Patching is hard. Producing a list of every endpoint across an estate with over 500 physical offices or pseudo office, having the network access to reach them all, and having a tool adequate enough to deploy all patches is a complex and a pretty colossal task.
According to Cisco, the vulnerability-to-exploit time period has been decreasing steadily. Previously, the vulnerability-to-exploit time could be measured in months/years, giving security teams room to plan (or procrastinate). That gap is now closing to hours/days with huge consequences for falling behind.
Thanks to the highly publicised Wannacry and NotPetya attacks in May 2017, those who do fall behind will have a big price to pay. Wannacry alone is estimated to have cost a whopping $5 billion.
Our advice? Get clean data on what endpoints exist and what their patching levels are, choose a tool that deploys Microsoft and third party applications (we chose Ivanti), and dedicate resources to nail the process.
Calling for backup(s)
Even if you do everything right there is a risk that your data will get corrupted, so everyone needs a strong backup and recovery strategy. As the Sony incident (or Mr Robot plot) demonstrated it must be very difficult if not impossible for a determined criminal to compromise the backups.
“Who has the data, has the power”
If this year’s Equifax data breach was good for anything, it was putting the spotlight on data security. Not only did they expose 145.5 million Americans to the threat of identity theft, they also took weeks to disclose the breach and confirm the data that had actually been exposed. May 2018 is the deadline for the EU’s General Data Protection Regulation compliance, so make sure you’ve got your ducks in a row by then or you’ll face some serious fines!
We’ve been working with Varonis this year to develop next level reporting on data permissions, access logs, folder restrictions, sensitive data locations and more. Our aim is that our customers know where their data is, who can access it, and who has accessed it!
Through 2018, the ability to provide this data could make or break your organisation.
2017 was tough, but if our predictions are correct, 2018 is only going to bring bigger breaches, more sophisticated hackers, and security teams will struggle to keep up if they don’t adapt fast. Cyber crime is big business so we need to be on our guard.