Do You Want CybSec With Your Cookies?
Mar08

Do You Want CybSec With Your Cookies?

This week’s cybersecurity threat report from SonicWall doesn’t hold any real surprises from every other cybsec alert that frequents my inbox — i.e. the Cisco 2018 Annual Cybersecurity Report — but it does reinforce the key themes: cybsec threats are bad, and growing worse (it was called the ‘greatest concern’ at last month’s Senate threats hearing). “We tend to view the world as a cybersecurity arms race… the good guys make advances and the bad guys make advances,” John Gordineer, Director of Product Marketing, SonicWall, tells IT Trends & Analysis. The cybsec vendor said cyber attacks are becoming the number one risk to business, brands, operations and financials, and it identifies almost 500 new previously unknown malicious files each day, which makes this one of the hottest IT — and business — markets. MarketsandMarkets states the data protection market is expected to grow from $57.22 billion in 2017 to $119.95 billion by 2022, at a Compound Annual Growth Rate of 16%, while the total cybsec market will grow almost as quickly, from last year’s $137.85 billion to $231.94 billion by 2022, at a CAGR of 11%. While the SonicWall survey found that the number of attacks was down, the variety of attacks is increasing, which he attributed to several factors, especially in ransomware attacks, he said. First, companies that paid their ransoms did not get their data back; more effective protection is being deployed; and data backup and recovery solutions make companies less likely to become a victim or need to pay ransoms. As a result, the bad actors are scrambling to retool their ransomware to be more profitable, since they are catching fewer victims, said Gordineer. “We’re curious to see where that goes in 2018. One of the things we’re seeing is ransomware as a service.” Key findings of the SonicWall survey included: -9.32 billion total malware attacks in 2017, an 18.4% year-over-year increase; -ransomware attacks dropped from 638 million to 184 million between 2016 and 2017; -ransomware variants increased 101.2%; -the company collected 56 million unique malware samples in 2017, a 6.7% decrease from 2016, but the total volume of unique malware samples in 2017 was 51.4% higher than 2014; and -the average organization will see almost 900 file-based attacks per year hidden by SSL/TLS encryption. Cisco’s results offered similar dire news: -32% of breaches affected more than half of respondents’ systems, compared with 15% in 2016; -more than half of all attacks resulted in financial damages of more than $500,000, including, but not limited to, lost revenue, customers, opportunities, and out-of-pocket costs; -complexity is growing: in 2017, 25% of security professionals said they used products from...

Read More
Security To Suffer Until Governments Get Their Acts Together
Jun04

Security To Suffer Until Governments Get Their Acts Together

Vendors continue building new and improved technology to protect digital assets, and end-users are throwing more money to safeguard their information, but unless governments can get their collective act together, security will continue to be a disaster, according to NSS Labs. “We’re not going to get even close to where we need to be until governments agree to co-operate,” said Randy Abrams, Research Director for the security research and advisory company, in a recent interview with IT Trends & Analysis. “Breaches are going to happen,” said Abrams. Even with improvements in cloud security, endpoint protection products (EPP) vendors recognize attackers are going to get through, he said, “especially if governments that are housing these criminal activities are seeing revenues as a result of these activities.” Getting governments more involved is “going to be a critical piece of really improving security by a massive amount. You can only do so much defence in depth!” According to the Ponemon Institute, 432 million accounts were hacked in the last 12 months, including 110 million Americans, and that’s considered to be a conservative estimate. This doesn’t include eBay’s massive breach announced last week, added Larry Ponemon, which reportedly impacted as many as 145 million customers, whose names, addresses, phone numbers, dates of birth, email addresses and encrypted passwords, were exposed to attackers. Back in March NSS reported that personally identifiable information (PII) of more than 300 million Americans had been “repeatedly compromised” in the decade’s 10 largest breaches. It also highlighted the fact that half of those major breaches occurred in 2013 alone. PII protection is a big issue for Americans, according to a recent Unisys survey, which reported that 59% of U.S. respondents are seriously concerned (“extremely” or “very” concerned) about other people obtaining and using their credit or debit card details, jumping from 52% in 2013. Ranking second and third, respectively, on the list of top security concerns, 57% are seriously concerned about identity theft, and 47% are seriously concerned about national security in relation to war or terrorism. Another recent Ponemon survey, commissioned by Raytheon, found that despite increased awareness of threats, 88% of privileged users believe privileged user abuse will increase. “The results of this survey should serve as a wakeup call to every executive with responsibility for protecting company or customer sensitive data,” said Jack Harrington, VP of Cybersecurity and Special Missions, Raytheon Intelligence Information and Services. “While the problem is acutely understood, the solutions are not.” IDC reports that a consistent bombardment of unknown, targeted, and adaptive cyber threats are wreaking havoc in the enterprise and driving the expansion of threat intelligence security services (TISS) that are...

Read More