Deficient Security Gives Cyber-Attackers Free Rein
Cyber-attackers usually have ample time to damage a company’s security because of its fragile infrastructure, poor network hygiene and slow detection rates.
Ransomware is the most profitable malware type, and businesses are the top target. During Q1 and Q2 2016, ransomware targeted both individual and enterprise users, and it became more widespread and potent.
Cisco researchers examined the Nuclear exploit kit and found that Adobe Flash accounts for 80% of successful exploits.
JBoss-related compromises have made significant inroads in servers, leaving them vulnerable to attack.
There was a fivefold increase in HTTPS traffic related to malicious activity, which can be attributed to malicious ad injectors and adware. The increased use of HTTPS conceals attackers’ activity on the web and expands their time to operate.
Major vendors supply patches when vulnerabilities are announced, but many users do not download and install them in a timely manner. The gap between availability and implementation gives attackers ample time to launch exploits.
An examination of infrastructure and patches to operating systems reveals that 23% of devices have vulnerabilities dating back to 2011, and 16% have vulnerabilities that were first published in 2009.
Transport Layer Security (TLS), the protocol for encrypting network traffic, is being used by attackers to hide what they’re doing. This makes deep-packet inspection ineffective.
The current time-to-detection (TTD) rate of 100 to 200 days is unacceptable. With adversaries constantly unleashing new threats, companies must move swiftly. Between December 2015 and April 2016, Cisco reduced its median TTD to 13 hours.
Institute and test an incident response plan to enable swift return to normal business operations after a ransomware attack.
Do not blindly trust HTTPS connections and SSL certificates.
Patch published vulnerabilities quickly in software and systems, including routers and switches.
Educate users about the threat of malicious browser infections.
Understand what actionable threat intelligence is.
Integrate defenses by taking an architectural approach to security rather than deploying niche products.
Measure time to detection. Insist on the fastest time available to uncover threats, then mitigate them immediately. Include metrics in the security policy.
Protect your users everywhere they work, not just the systems they interact with or the times when they are on the corporate network.
Back up critical data and routinely test the backups' effectiveness to confirm that they are not susceptible to compromise.