Cisco has released its Mid-Year Cybersecurity Report, which aims to keep businesses apprised of cyber threats and vulnerabilities, and to inform them of steps that can be taken to improve the security of personal information and their resistance to threats.
The report is extensive, but some of the major findings relevant to your business can be summarised as follows:
Who is at risk?
- Business Email Compromise (BEC) has become a highly lucrative threat vector for attackers. A BEC campaign involves an email (usually appearing to come from a co-worker) delivered to employees who are in control of accounts or finances, directing them to send funds by wire transfer to a supposed (but illegitimate) business associate. Investigative resources available to cyber attackers, including in some cases artificial intelligence tools, allow the attackers to use social engineering techniques to improve their chances of successfully convincing a target to fall victim to the attack. Major organisations such as Facebook and Google have been victims of BEC campaigns.
- Spyware is more prevalent in corporate IT systems than previously estimated, with 20 per cent of sampled companies showing infection with at least one virus encompassed within the three spyware families selected by Cisco for study. Spyware can steal user and company information, and can increase the broader IT system’s vulnerability to other unwanted attacks, including malware infections.
- Spam emailing has increased since mid-2016, and is being used by cyber attackers in preference to exploit kit activity as a means to deliver ransomware. Ransomware is a type of cryptovirus designed to lock the data stored on a computer until a ransom is paid. Ransomware attacks made headlines in May 2017, as the ‘WannaCry’ cryptovirus began encrypting the data of more than 300,000 computers world-wide. FedEx, Deutsche Bahn, and the United Kingdom’s National Health Service (NHS) were among a long list of notable victims of the WannaCry attack.
- Low-cost resources available to cyber attackers have led to a dramatic increase in the frequency and complexity of cyber attacks over the past year. Businesses should be on the watch for cyber attacks, and should be prepared to respond in the event of a data breach.
- Corporate cloud environments are a target that cyber attackers are ‘working relentlessly to breach’, according to Cisco threat researchers. Cloud networks host vast amounts of corporate information, including personal and financial details, and are more easily exploited by cyber attackers due to the unique vulnerability offered by single privileged user accounts whose holders fail to protect their privileges adequately. On a personal level, cloud environments offer cyber attackers a means to obtain personal data, including photos and contact information, as famously demonstrated in the 2014 iCloud breach. As was the case in that breach, hackers will usually obtain access to a cloud environment using brute-force attacks, and make use of whatever data the breach provides access to. These attacks are difficult to defend against, as the vulnerability lies not in the corporate IT system, but in the failure of individuals to take adequate steps towards protecting their account information.
All businesses and individuals are at risk of a cyber attack. However, the Cisco report found that small and medium-sized businesses are less resilient in dealing with the impacts of a network breach than larger organisations. Due to fewer resources available to implement cyber-defence systems and employ IT professionals with specific expertise in cyber attacks, small and medium-sized businesses are usually less able to weather the storm of a data breach or cyber attack, which can carry significant financial or commercial stress.
The type of vulnerability faced by a business depends on its structure. Those businesses that make greater use of cloud networking are likely to be more vulnerable to a corporate cloud environment attack, and may be more focused on the obligations of employees with access privileges. Meanwhile, businesses that operate using a more traditional IT environment may want to focus more on educating employees about spam, cryptoviruses and spyware.
No matter the size of the business, all senior managers and persons managing accounts and finances should educate themselves on the current threat of BEC campaigns. The advent of more sophisticated techniques for studying targets means that businesses will have to implement much more rigorous vetting processes for moving money via wire transfer, even when a request for that transfer appears to come from an internal and authoritative source.
What should I do?
While it is often overlooked and seen as a pedantic step, businesses can strengthen their position against an attack by having security processes and tools in place that minimise the impact of threats and breaches. This may include developing internal policies that deal with management of information, requiring employees gaining access to secure systems to enter into agreements in relation to the management of their account information or privileges, and creating privacy statements dealing with the steps to be taken in the event of a data breach.
The new laws regarding notifiable data breaches illustrate the importance of properly managing the security of personal information, as well as the importance of properly responding to a potential breach.
Cyber security and the management of corporate and personal information are a major focus for businesses operating in today’s corporate environment. As cyber attackers become more aware of how to implement social engineering techniques to breach corporate security, and as the resources available to hackers grow in complexity and ingenuity, the risks to businesses of all sizes will continue to grow.
Ensure that you understand the risks and management options available in relation to cyber threats, and make sure that your policies, agreements and procedures adequately manage the legal ramifications of a breach or attack.
The full Cisco Mid-Year Cybersecurity Report can be accessed here