Get ready for the biggest year yet in cybercrime. We have learned over the last few years that hackers have honed their penetration skills to the point that any targeted company can easily become a victim. Most business owners have accepted that being connected to the Internet means that they can and probably will be compromised regardless of the defensive measures taken. It is more than just a game of probability. Every company in every country that is connected to the Internet will definitely get compromised, but how, when and what will be taken is the big question. Today, it seems that most business owners are willing to take the chance, and they probably have to in order to stay competitive.
“There are two kinds of big companies in the United States. There are those who've been hacked by the Chinese and those who don't know they've been hacked by the Chinese.” James Comey – Director, FBI
In a recent survey of 583 U.S. companies conducted by Ponemon Research on behalf of Juniper Networks, 90% of the respondents said their organizations' computers had been breached at least once by hackers over the past 12 months. Nearly 60% reported two or more breaches over the past year. More than 50% said they had little confidence of being able to stave off further attacks over the next 12 months.
What Makes Us Vulnerable
Most security teams understand that our chances of falling prey to cybercrime increase if the company has:
- Data that is worth stealing
- Lots of money
- Many employees that read email
- Poor security in place
- Inadequate backups
- Unpatched systems on the network
The more protected you are and the tougher the attacker finds it to get inside, the more likely they are to move on to another company.
NBC News reported that Hollywood Presbyterian Medical Center CEO Allen Stefanek said in a statement Wednesday that paying the ransom of 40 bitcoins was "the quickest and most efficient way to restore our systems and administrative functions." He said the hospital did it in the interest of restoring normal operations.
Allen Stefanek’s decision may have been the wisest choice. The FBI announced in October 2015 that paying the ransom is sometimes the best decision.
“To be honest, we often advise people just to pay the ransom.”
Joseph Bonavolonta, Assistant Special Agent CYBER and Counterintelligence Program – FBI, Boston
How They Get In
The bigger the company, the more entry points for malware exist, because more employees are accessing the web. A greater employee count means being more susceptible to phishing attempts, which seem to be the method of choice for gaining a foothold inside an organization. In fact, phishing attempts have DOUBLED in 2016 over 2015.
In March, the number of email antivirus detections reached 22,890,956, which is four times more than the average for the same period last year. This represented 56.52% of all email being spam.
Source: Kaspersky Lab
Prepare Your Company
Stopping the malware from getting in is difficult. The more they spam your organization, the higher the probability that they will get in. To prepare for this inevitability, here are a few things to consider:
- Make sure your cyber forensics team has the data they need to investigate the event. This means log and NetFlow collection.
- Invest in detection systems that look for odd behaviors such as low and slow data thefts.
- Install a UDP forwarder to forward logs and flows to multiple collection points making it harder for malware to cover up its tracks.
- Make daily backups of critical systems and keep them all patched
- Provide mandatory quarterly training on cyber security for all employees
- If possible, remove critical systems from the Internet. This does not mean blocking them from accessing the Internet by using an access list on the router or firewall. That is definitely not effective today due to connection tactics such as DNS tunneling. If you can, unplug it from the network. Otherwise, it is a highly sought after target.
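As an added illustration of the "low and slow" detection mentioned in the list above (example code written for this page, not taken from any product): the sketch below aggregates collected flow records per internal host and external destination over a long window and flags pairs whose uploads are individually small but large in total and recurring over many days. The thresholds, the `10.` internal prefix, the function names and the sample records are all assumptions constructed for the example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed thresholds; tune them against your own traffic baseline.
PER_FLOW_ALERT = 50_000_000   # bytes: level a single-transfer alert would catch
TOTAL_ALERT = 500_000_000     # bytes to one destination over the whole window
MIN_ACTIVE_DAYS = 5           # uploads must recur on at least this many days

def find_low_and_slow(flows, internal_prefix="10."):
    """Return (src, dst, total_bytes, active_days) for internal hosts that sent
    many small uploads to one external address across several days."""
    stats = defaultdict(lambda: {"total": 0, "peak": 0, "days": set()})
    for ts, src, dst, bytes_out in flows:
        # Only internal -> external traffic is relevant to data theft.
        if not src.startswith(internal_prefix) or dst.startswith(internal_prefix):
            continue
        s = stats[(src, dst)]
        s["total"] += bytes_out
        s["peak"] = max(s["peak"], bytes_out)
        s["days"].add(ts.date())
    hits = []
    for (src, dst), s in stats.items():
        # Large in aggregate, never large enough per flow to trip a burst alert.
        if (s["total"] >= TOTAL_ALERT and s["peak"] < PER_FLOW_ALERT
                and len(s["days"]) >= MIN_ACTIVE_DAYS):
            hits.append((src, dst, s["total"], len(s["days"])))
    return sorted(hits, key=lambda h: -h[2])

def sample_flows():
    """Constructed flow records: (timestamp, src, dst, bytes_out)."""
    start = datetime(2016, 5, 2, 1, 0)
    flows = []
    for day in range(14):
        for hour in range(0, 24, 2):
            ts = start + timedelta(days=day, hours=hour)
            # Slow leak: 4 MB every two hours for two weeks.
            flows.append((ts, "10.0.4.17", "203.0.113.50", 4_000_000))
        # Ordinary browsing from another workstation.
        flows.append((start + timedelta(days=day), "10.0.4.22", "198.51.100.7", 300_000))
    # One-off bulk upload: a per-flow alert handles this, so it is not flagged here.
    flows.append((start, "10.0.9.3", "192.0.2.80", 900_000_000))
    return flows

if __name__ == "__main__":
    for src, dst, total, days in find_low_and_slow(sample_flows()):
        print(f"{src} -> {dst}: {total} bytes over {days} days")
```

The check only works if flow data is retained for at least the length of the window, which is why the log and NetFlow collection in the first bullet comes first.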