The increasing cyberattack surface

Technology is always growing, particularly within the workplace. This is a good thing: It means progress is happening, and for businesses that adopt technological developments, it usually spells progress. However, the problem of cybercrime complicates matters somewhat. Just as organizational tech solutions are evolving, so too are the hackers who are always looking to carry out malicious intrusions. It’s not a pretty picture. The fact is that cyberattacks will only grow more common in the coming years – and not only that, but they’ll also rise in sophistication and scale. It’s a problem that no company can decide to ignore.

The first part of the problem: Businesses
Interestingly, the primary contributing factor to the elevating attack surface involves what businesses are doing – or, more accurately, what they aren’t doing. As Jon Oltsik highlighted in an op-ed for Network World, businesses are increasingly ill-equipped to deal with the many threats that can possibly pervade enterprise networks. The main issue is that while cybercrime has advanced, company approaches to defending against it haven’t. These are some of the ways organizations typically set themselves up for attack as far as hackers are concerned:

• Not educating staff in best cybersecurity practices: A business’ cybersecurity plan cannot begin and end with its IT department. That’s not realistic in an age when employees are accessing the company network all the time. Enterprises make a huge mistake in assuming that staffers have a baseline level of cybersecurity knowledge, when in fact this is almost never the case. As a result, many corporate breaches happen due to a single weak link – an employee who leaves his or her company-connected smartphone on the subway, or another who inadvertently downloads a phishing scheme.
• Using outdated endpoint security measures: Endpoint security, like the threats it guards against, is something that evolves. After all, yesterday’s computer security solutions weren’t built to handle next year’s threats. One common issue with businesses that secure their infrastructures is that they don’t take the proactive step of updating those security solutions. Thus, they’re left with a set of tools that may have been viable in years past, but which are no longer equipped to handle the malware sphere.
• Assuming that you won’t be the next victim: All too often companies operate with a stunning presumptuousness when it comes to cybertattacks. The prevailing feeling among many businesses is, “We haven’t been attacked yet, so we must be good.” This is such misguided thinking, and yet it’s present at organizations spanning industries. This problematic line of thought all but ensures that in fact you will be the next victim. After all, the most complacent businesses are never the ones with the cyber security software required to keep attackers at bay.

​The second part of the problem: Actual threats increasing
Even for the most prepared organization out there, the cyberattack surface is getting harder to handle. That’s because strains of malware are growing in complexity as hackers devise new and more innovative tools for carrying out their dirty work. Here are a few of the ways the malicious sphere is expanding these days:

• Evolution of targeted attacks: Targeted attacks are becoming the new norm. Whereas in the past such intrusions were mainly manifested through spear-phishing emails and options like that, social media presents a lucrative point of infection for future incidents. Imagine an employee sitting at his or her desk and looking at Facebook. Not a hard situation to visualize, since the social media network represents the number one distraction for workers. Now imagine that simply by being on Facebook an employee could unwittingly allow a targeted attack into the business network. That’s the kind of disaster situation that’s going to become increasingly common, and it will call for more advanced means of cyber protection.
• Susceptibility of IoT devices to data theft: Smart technology is beginning to crowd the workplace. With mobile devices already commonplace in enterprise networks, there are new devices always being added to the fold, like the smartwatches that are now being introduced into the market. The growth of such connected devices, while promising innovation, also present threats and inherently open up vulnerabilities for businesses that choose to leverage them. Criminals are likely to experiment with many different ways of attacking these devices, but some of the methods that are likely to happen are denial-of-service attacks and man-in-the-middle attacks.
• Bigger and worse attacks: First, 2013 looked like a bad year for cybersecurity. Then 2014 blew it out of the water. That’s the trend with cybercrime: Each previous year pales in comparison to the next. In 2013, the Target hack was without precedent. It was devastating. Then 2014 rolled around and the Home Depot hack surpassed Target in terms of the biggest breach victim. The problem companies face these days is that potential attacks come from all angles. There are the ones carried out by cybercriminals – and these are the ones that get the most media exposure. But then there are attacks that arise from insider threats, which actually occur in greater numbers.
• Cybercriminals continuing to evade the law: The thing about cybercriminals that places them at an advantage over other criminals is that their malicious work takes place virtually, making them exceedingly hard to trace. The task of pinning down hackers and holding them accountable is something governments around the world are taking up with energy, but don’t hold your breath for that to pan out anytime soon. The reality is that due to their remote nature and aptitude at evading justice, malicious actors have the definite upper hand in the battle with law enforcement.

With issues like these facing all businesses, the need has never been greater for organizations to do everything possible to combat the cybercriminal threat. This means taking protective measures like implementing network security, mobile security and being cognizant of the threat posed by targeted attacks. The businesses that ignore the risks are the first ones that will get attacked, while those that prepare stand a much better chance of steering clear of cybercrime.

from Trend Micro Simply Security http://ift.tt/1AB8hQJ
via IFTTT