Chances that ransomware will go away any time soon are slim, so security experts can’t emphasize enough the importance for enterprises to seriously invest in cybersecurity and focus on developing risk mitigation strategies to avoid being caught off-guard. For some reason, the number of businesses ready to pay ransom to get their data back is increasing, opening up endless opportunities for hackers working on complex malicious software to further compromise corporate networks.
All about Virtualization and Cloud Security | Recent Articles:
A few years ago, companies were reluctant to adopt cloud computing because they thought a lack of physical access to the network would deprive them of control over their data. A major shift occurred when they understood that, with suitable configuration and security, cloud computing offers serious benefits.
Companies still struggle with ransomware, phishing, data breaches and other attacks that bypass their security and affect their budgets. Enterprises know they are in dire need of technology that will safeguard their infrastructures from known, unknown, and undisclosed vulnerabilities.
Security executives fear cyberattacks will heavily target critical infrastructures in the near future, but they don’t seem to be doing much about enforcing security policies that also cover IoT devices. Despite the major threat they pose, connected devices have so far been overlooked in security policies. It appears that in general, in spite of the increasing awareness of high-profile cyberattacks and threats, enterprises tend to look the other way rather than invest properly in a cybersecurity strategy.
Cloud security has grown into a major issue for enterprises, as only one company in six encrypts all data, according to a Bitdefender survey. While 85 percent of CISOs fear security flaws in the public cloud, as many as 51 percent of enterprises don’t properly secure their cloud storage services, according to RedLock, leaving their data exposed to hackers.
Businesses cannot come up with a mitigation strategy to efficiently detect, identify and manage insider threats, according to research from the Ponemon Institute, so they risk the loss of critical confidential data and resources, network shutdown and reputational damage. In the past year, 159 organizations from the United States, Canada, Europe, Middle East, Africa, and the Asia-Pacific region dealt with 3,269 security breaches caused by insider threats due to plain negligence.
In 2015, Russian hackers shut down Ukraine’s electrical grid after infecting the infrastructure with malware. It was only a matter of time before they targeted the US power system. As of 2016, US critical operational infrastructures have been under siege by "Russian government cyber actors," as described by the Department of Homeland Security and the FBI.
The ease-of-exploit rating has made the financial sector a cybercrime magnet for years, especially for targeted extortion attacks. The industry has fallen victim to numerous security breaches, data exfiltration hacks, DDoS attacks taking down global online operations and disrupting services, and has lost millions to malware and ransomware attacks. So what’s next?
Cryptomining transactions, seen as a terrific money-making scheme separate from traditional online advertising, are growing faster than ever, security researchers concluded after 2.5 billion attacks were blocked in enterprise networks in the past six months.
In the past two years, cyberattacks on the financial sector have picked up speed. As companies in the sector struggle with the major shift toward digital transformation, some are caught off guard by the significant rise of malware designed specifically to target their sector, such as the Dyre Trojan, Dridex, the hybrid banking Trojan GozNym and TrickBot. Once the network is infiltrated, hackers can easily steal, read, alter and even erase top secret information.
Doctors can’t prescribe proper treatment for patients without identifying and analyzing symptoms to make a clinical diagnosis. It’s the same for CISOs, who are responsible for their organization’s digital health.
The deadline for full compliance with the European data protection law is right around the corner, but businesses still lack awareness and must overcome many security oversights. Surprisingly, as few as 38 percent of companies in the UK have actually heard of GDPR, according to a government survey. If businesses are not prepared by May 25, when the law takes full effect, they could face fines worth up to €20 million.