Changing MOTIVES and METHODS of Current Age CYBER CRIMES

Donald Young, Chief Information and Operating Officer, Protection 1

Today’s cyber-criminals are highly sophisticated in their approach, netting billions of dollars in profits from unsuspecting or unprotected targets. This new breed of criminals is just as skilled and versed in security matters as experts working directly in the security industry.

To add insult to injury, there is now an unprecedented rise in new threats that traditional security software often fails to preemptively identify. We are finding that many of these emerging attacks can evade existing preventive measures. What’s more, these new threats have increased in complexity, making prevention, detection and remediation even more difficult for traditional security software.

To put the problem into perspective, av-test.org estimates that more than 14 million new and variant malware strains are discovered each month, which means more than 390,000 new incidents a day. While computer viruses are nothing new, and have been around for decades, the methods and motives behind them have changed dramatically.

As we all know, cyber-attacks come in a variety of forms that can include spam, phishing, pump-and-dump schemes, data-stealing Trojans, key loggers and ransomware. Let’s just take ransomware as an example of the magnitude of the problem. While official complaints about the threat to the Department of Justice amounted to only around $24 million in damages in 2015, as you can imagine the dollar amount is probably much, much higher. The FBI estimated that cyber-criminals collected over $200 million in the first three months of 2016, putting the crime on track to becoming a $1 billion a year problem. Late last year, the Cyber Threat Alliance reported that a single piece of ransomware, CryptoWall v3, resulted in an estimated $325 million in damages worldwide over the course of its lifetime. And as far back as mid-2014, the FBI issued a report saying CryptoLocker swindled more than $27 million from users over a two-month period.

What may not be so apparent is the subtle shift in the focus of these attacks. While attacks on major Fortune 500 companies and government agencies are well covered by the press, the fact is that 71 percent of cyber-attacks now target small and medium-sized businesses. The reason: hackers are starting to realize that they can steal as much data from 10 smaller businesses as from a single large one, and they are more likely to extract a ransom for data held hostage. The sad fact is that authorities just don’t have the resources to investigate these smaller breaches.

Whether you are a major corporation, government entity or a small business operator, a comprehensive cyber-security plan should be a top priority. Just as cyber-attacks have become more complex and sophisticated, so should our approach to combating them. We should start with a layered approach to cyber-security, looking to secure our data on multiple levels starting with the network.

Many traditional firewall applications are based on point-in-time controls that are focused on broad prevention only. Typically, traffic is controlled by a static access list that governs what traffic makes it in and out of the network. Some stateful firewalls will also monitor the state of connections to prevent out-of-band traffic and flag suspicious communications for a given protocol. Given the rise of bring your own device (BYOD), many non-controlled devices are now ending up on internal networks. So now there is a need to layer the firewall with some form of intrusion detection/prevention system that monitors your network traffic for known malicious or suspicious activity. When looking for network security, Protection 1 recommends adopting a solution that provides continuous monitoring for threats and can apply identity-based and device-aware security policies to network traffic to minimize the attack vectors of your network without compromising performance.
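The difference between a static access list and stateful inspection described above can be shown in a few lines. This is an added illustration, not part of the original article; the rule set, class names and sample packets are constructed, and the connection table is simplified (real firewalls also track TCP flags and timeouts).

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    direction: str   # "out" = leaving the internal network, "in" = arriving
    src: str
    sport: int
    dst: str
    dport: int

WEB_PORTS = (80, 443)

def static_acl(pkt):
    """Point-in-time check: every packet is judged on its own fields."""
    if pkt.direction == "out":
        return pkt.dport in WEB_PORTS      # allow outbound web traffic
    return pkt.sport in WEB_PORTS          # treat anything from a web port as a reply

class StatefulFirewall:
    """Same outbound policy, but inbound traffic must match a tracked connection."""
    def __init__(self):
        self.connections = set()

    def allow(self, pkt):
        if pkt.direction == "out":
            if pkt.dport not in WEB_PORTS:
                return False
            # Remember the connection that an internal host opened.
            self.connections.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return True
        # Inbound: accept only the mirror image of a tracked connection.
        return (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.connections

def compare(packets):
    """Return (static_acl_verdict, stateful_verdict) for each packet in order."""
    fw = StatefulFirewall()
    return [(static_acl(p), fw.allow(p)) for p in packets]

# Constructed sample traffic using documentation address ranges.
SAMPLE = [
    Packet("out", "10.0.0.5", 50000, "203.0.113.10", 443),  # client opens HTTPS
    Packet("in", "203.0.113.10", 443, "10.0.0.5", 50000),   # genuine reply
    Packet("in", "198.51.100.7", 443, "10.0.0.9", 8080),    # unsolicited, no connection
]

if __name__ == "__main__":
    for pkt, (acl, stateful) in zip(SAMPLE, compare(SAMPLE)):
        print(f"{pkt.src}:{pkt.sport} -> {pkt.dst}:{pkt.dport}  "
              f"static ACL={acl}  stateful={stateful}")
```

The static list accepts the third packet because it only looks at the source port, while the stateful check drops it because no internal host opened that connection.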

From there, you should move on to the endpoints on your network to offer the next layer of security to the overall IT infrastructure. Endpoint security solutions deliver security at the device and operating system levels on computers, smart devices, tablets and mobile devices, protecting your business and data from what people are opening, saving, accessing and creating. They can also enforce physical policies on the endpoints, such as controlling access to USB ports.

It is imperative that you consider several key points when deciding which approach will work best to protect your devices and data. You should only consider known or trusted brands and download sources when you choose a product that will cover all of your endpoint devices. It’s important to do the research and understand the effectiveness of the protection relative to its cost and performance overhead.

Finally, you should insist on a solution that goes beyond traditional signature scanning. The complex and emerging threats that exist today require behavioral-based and process-monitoring technologies, or heuristics, in order to combat them most effectively.

Should a breach occur, and the odds are that at least an attempt will be made to breach your systems at some point, a comprehensive disaster recovery and data protection plan should be in place. Part of any data protection or disaster recovery plan is the need for comprehensive backups. This way, if an endpoint or device is ever lost, stolen or, in the case of ransomware, maliciously encrypted, the technology available today gives you the ability to remotely recover sensitive data and avoid paying a ransom or being left with unrecoverable data.

To sum it all up, companies of all sizes and industries are at constant risk and should take the appropriate measures to shore up their defenses.

We have seen many of our clients turning to us to act as their third-party provider of dedicated security networks that we design, implement and, most importantly, manage and monitor for them 24/7. We also offer SMB organizations a one-stop shop for all of their cyber-security needs, including network and endpoint security solutions and disaster recovery programs, along with 24/7 management and monitoring of their systems.

Cyber-threats are a cost of doing business these days, so make sure your company isn’t the one paying the price. 
