“It is important to report cyber incidents as quickly as possible.” said U.S. Deputy Attorney General Rod Rosenstein at the Global Cyber Security Summit, hosted by Skytop Strategies in London this past October.
As the global threat of cyber security breaches continues to grow, it becomes paramount for a company’s well-being, both financial and otherwise, to remain vigilant in it’s updates of the cyber security threat landscape.
A recent global cyber landscape threat report by Fortinet, Inc. identifies 3 general types of threats:
- Exploit Data: Attacker reconnaissance activities to identify vulnerable systems and attempts to showcase those vulnerabilities;
- Malware Data: Weaponization or delivery stages of an attack rather than successful installation in target systems;
- Botnets Data: Command and control traffic between compromised internal systems and malicious external hosts.
According to this report, the third quarter of 2017 saw exploits in 79 percent of firms, and 153 exploits per firm on average. As far as malware is concerned, the report indicates 25 percent of firms reported instances of mobile malware, and 22 percent reported the same of ransomware. It was also reported that there was 14,904 variants of malware, and 2,646 malware families. Lastly, with 245 unique botnets detected and 518 botnets comms per firm confirmed daily, the presented data should leave the corporate world asking one important question: What does this mean for our company?
“Ransomware infects more than 100,000 computers a day around the world. The total amount of ransom payments approaches $1 billion annually,” said Rosenstein. “Attacks used to be indiscriminate, scattershot attempts to squeeze a few hundred dollars from anyone who happened to be affected. Now, sophisticated and targeted attacks focus on particular businesses.”
However, as cyber crime has evolved the defense measures taken by many corporations has not grown to match the cyber attacks against them. Unfortunately, this trend is not new and the cyber threat landscape grows daily when corporations do not take the threat seriously.
The number of attacks, as well as their widespread origin and severity, is unprecedented. Said Rosenstein, “Increasingly, technology frustrates traditional law enforcement efforts to collect evidence needed to protect public safety and solve crimes.”
He continues, “For example, many instant-messaging services now encrypt messages by default. And smartphone manufacturers made a conscious decision to engineer their phones to eliminate the capability to recover data stored on the devices.”
Back in 2009, a U.S. Senate committee was told by Richard Schaeffer, former Senior Executive of the National Security Agency, that, “If network administrators simply instituted proper configuration policies and conducted good network monitoring, about 80 percent of commonly known cyber attacks could be prevented.”
Nearly a decade later, a cyber security statistics blog called Barkly reported that 52 percent of organizations that suffered successful cyber-attacks in 2016 had no plans to make any changes to their security in 2017. “Ransomware and major exploits will continue to grow and become more complex in the cyber security threat landscape for 2018,” said Mitchelle Schanbaum, CEO of Specialized Security Services in an interview with Skytop on Jan. 08, 2018.
According to Dr. Zvi Marom, Chief Executive Officer & Founder of BATM Advanced Communications, “The rate of cyber crime is increasing exponentially.
“[The] number of cyber criminals is negligible in relation to cyber crimes dominating the crime scene,” said Dr. Marom in October of 2017 at the Skytop Strategies Global Cyber Security Summit.
A surprising number of organizations don’t take cyber security seriously enough. However large or small, corporations working with any sort of digital information or web-connected devices have to be aware of the crucial role they play in cyber security.
Said the Deputy Attorney General in London, “Whether your organization is a large, multinational company, or a small start-up that creates web-connected devices like doorbells, thermostats, or kitchen appliances, you can play a critical role in thwarting cyber attacks by building into your systems and devices mechanisms that secure them against criminals, and by cooperating with law enforcement officials during any investigation.”
One of the largest issues facing victims of cyber attacks is that they, as well as the vast majority of those at risk to an attack, are not proactive enough in their protection. The lack of proactive activity is a huge reason for the increase in cyber crime.
“Your actions, together with law enforcement’s help, could prevent the next attack,” says Rosenstein, “and a collaborative approach will be more effective than merely trying to avoid being the next victim.”
Rosenstein continues, “Law enforcement has tools that are not available to the private sector. In the long run, a swift and decisive response that involves cooperation with law enforcement is more likely to be effective and sends a strong signal to your customers that you responded with the necessary urgency.”
Mitchelle Schanbaum and Dr. Zvi Marom are both pioneers in the field of cyber security, and frequent speakers and presenters at Skytop Strategies conferences. Check out some of our upcoming conferences on cyber security, like Cyber Risk Governance 4.0, Cyberfront, EuroCyber and Global Cyber Security Summit at https://skytopstrategies.com/conferences/.