Home / Analysis / Security  /  Navigating The Security Obstacle Course Of 2018

Share This Post

Analysis / Security

Navigating The Security Obstacle Course Of 2018

Computer Security

The last few years have seen a veritable explosion in the gruelling fitness obstacle courses such as Tough Mudder. During these events, participants push themselves to their physical limits in the hope of reigning supreme against their friends or co-workers. The consequences of failure? A wasted entry fee, loss of time and, of course, the associated reputational damage and no bragging rights.

The popularity of obstacle races such as these is mirrored in security and IT departments. Today, these teams face an unforgiving and obstacle-filled cybersecurity landscape, full of increasingly sophisticated challenges. A significant difference is that they are unwilling participants and the consequences of failure, in terms of financial and reputational damage, are far more severe.

With 2017 recording a rising number of cyberattacks, 2018 is sure to be a landmark year for the global threat landscape. The fitness of security organisations will be tested by the sheer number of new malware variants and the introduction of new regulatory frameworks, such as the General Data Protection Regulation (GDPR). Smart companies will adopt a disciplined training regime and create a contingency plan to respond to some of the top InfoSec threats expected this year.

Ransomware

Last year could easily be dubbed the “year of ransomware,” with both WannaCry and NotPetya causing massive amounts of damage to organisations worldwide. As a result, organisations have exponentially increased the implementation of cybersecurity solutions that can detect and mitigate against file-based ransomware. In response, cybercriminals have taken actions, too. To protect their revenue streams, cybercriminals are seeding out more file-less ransomware variants. Rather than embed malicious code in a compromised installer or documents, these ransomware variants deliver their malicious code to run in device memory (RAM). 

The only way to mitigate the damaging effects of these clever new strains of ransomware is to have real-time endpoint recovery on every laptop and desktop. By being able to roll back affected machines quickly and easily, companies can recover from an attack in a matter of minutes, rather than days — without having to pay ransom.

Phishing

Phishing campaigns are typically fraudulent email messages that appear to come from legitimate enterprises or someone known to the recipient. The email scams are designed to take advantage of human nature and then deliver a malware payload onto an endpoint, which could potentially spread throughout an organisation. To ramp up protection for businesses, email clients are consistently getting better at identifying suspicious emails that shouldn’t be opened or attachments that shouldn’t be downloaded. However, it is not uncommon for emails to slip through this protective net.

The only way to significantly reduce the risks of targeted phishing campaigns is employee training. The goal of effective phishing training is to prepare employees for the responsibility of spotting and reporting suspected phishing attacks. Adding an element of shock value to the training itself can be an effective way to teach employees this responsibility. For example, organisations can simulate a breach and evaluate how employees respond. Police and military undergo real-life training exercises to put academic learning into practice. Similar methods can certainly be used for enterprise information security. 

Inside Threat

From a boardroom perspective, phishing certainly fits into the inside(r) threat camp. However, phishing represents just one piece of the insider threat puzzle. Employees are widely recognised as the weak point in most security strategies – even though many employees who commit an insider threat activity do so without any intentional maliciousness. For example, employees may share data in an insecure manner or reveal sensitive data after falling prey to social engineering.

Like phishing, insider threat can be countered by offering training programs, whether mandatory or voluntary, and engaging pen-testers who employ social engineering tests to run “spoof attacks.” Ongoing training efforts also can help promote awareness of data security practices across multiple job levels and business lines.

Coupling this training with advanced endpoint monitoring and analytics can be a useful way to identify abnormal data movements. For example, IT can be alerted automatically if an employee starts siphoning off unusually large amounts of data to a private Dropbox account at 3 a.m. The IT team can then investigate the situation to stem the flow of sensitive corporate information before lasting damage can be done.

The GDPR

In May, the GDPR will come into force for organisations that operate from, or conduct business in, the European Union. To comply, companies must ensure that their data protection policies can stand up to close scrutiny in post-breach analysis, otherwise they risk a hefty fine, not to mention the associated reputational repercussions.  

Visibility is a key requirement of GDPR compliance. If an organisation can see how a data breach occurred, prove that adequate steps have been taken to safeguard the entry point, and can successfully mitigate the damage, it can likely prevent a financial penalty. Best-in-class InfoSec solutions should enable businesses to comply with these requirements and modify their security approaches to prevent additional compromises.

Ransomware, phishing attacks, insider threats and GDPR compliance will add up to a sizable set of challenges for security and IT departments in 2018. Fortunately, like even the most difficult obstacle courses, they can be navigated. The key is preparation. With thoughtful contingency plans and the right tools in place for data security and visibility, the chances of overcoming the challenges are greatly improved.

Share This Post

Rick brings to Code42 more than 20 years of deep information security experience. Prior to joining Code42, Rick was vice president and chief information security officer at eBay, led and built a variety of global security programs at Apple (AAPL), and directed global security at Lam Research (LRCX). Rick is currently an active member of several advisory boards focused on new and emerging security technology companies. Throughout his career, Rick has driven meaningful and actionable results across a range of security areas, including global threat management, cyber intelligence, geospatial correlation of data and security operations centers.