“Security and risk management leaders have operated in the shadows for a long time. Now it’s their opportunity to shine,” said Peter Firstbrook, research vice president at Gartner. “If they exploit emerging trends and build a strong security program, they can keep their organization safe and significantly elevate their standing.”
Remember when several massive ransomware attacks went global and hit many big businesses? Outbreaks such as Petya and WannaCry really put the malware threat on the IT agenda and made cybersecurity a priority for everyone. But it doesn’t stop with malware, there are many more security threats out there. The attackers’ arsenal is expanding and becoming more complex. Fredrik Svantes, Senior Information Security Manager at Basefarm, discussed with us the latest developments that keep the cybersecurity community busy.
Many companies have become much more aware of the need to be more secure. Greater cybersecurity efforts have made it harder for attackers to remain undetected while they are within their target’s network. In its recent annual report, the Dutch national intelligence agency AIVD reports an increase in the use of standard tools for attacks, some from nations dabbling in digital espionage. Fredrik Svantes, sees this happening more and more: “Attackers don’t want to get caught while stealing valuable data. High-profile targets deploy many security systems, malware detection systems for example. If attackers use specific “hacker tools” in their reconnaissance phase, this will raise a red flag. So, they opt for standard Windows tools, like Microsoft Power Shell, to look around in the network.”
How to keep out attackers who apply standard tools? Basically, this comes down to setting up a baseline for how employees use their systems. This is where big data analytics comes into the picture as it can help detect anomalies. “For instance, technicians will have certain work routines, while people in the finance department have a different workflow. When suddenly someone in the finance department opens Power Shell, this is not a standard behavior. This will trigger warning signals even though it just happens to be a standard Windows application.” Especially users with high security risks, like government and companies with significant volumes of IP or critical data to protect, rely on big data for security. Svantes: “Facebook does so for sure.”
Organizations looking to hire security professionals find themselves competing in a fierce market. “If you need security personnel in about a year, you’d better start recruiting them now,” says Svantes. “You can’t start recruiting just three months before an important project.” Although the situation might be improving, with several top European universities introducing security education programs, right now the lack of experts is a huge problem. For most companies, the best immediate bet is to look for external partners who can help to secure their IT. “Not every company needs a team of security professionals, but what everyone does need is people who are security aware. For example, developers should have security in the back of their minds while working on their projects.”
Regardless of the market you operate in, a trend that is emerging is criminals utilizing compromised servers for crypto mining which requires high amounts of computing power. “To have a single server mining for cryptocurrency is not very efficient, but it adds up when you have thousands of compromised servers working for you. Because crypto mining networks use substantial resources, the increase of resource usage can often set off alarm bells if proper detection measures are in place.” How can attackers be kept out? Most importantly, make sure your systems are up to date. Don’t leave things unpatched or run old versions of software. And of course: don’t click on everything you see. Attackers still see e-mail scams as an attractive “way in”.
“It’s one thing to try to protect your company, but there is no way to be 100% protected,” Svantes states. “The past couple of years have witnessed a strong focus on preventing attacks from happening. But now, many companies are waking up to the fact that they can only prevent so much. What they can do however, is try to detect intrusions as soon as they happen.” In a world of changing threats and compute-everywhere environments, the old security paradigm of just building bigger walls will be replaced by a continuum from block to allow. Machine Learning is becoming the key technology for predicting, detecting and preventing known and unknown threats. According to Gartner, deploying threat detection and response tools is a top priority for Chief Information Security Officers (CISOs). These investments can make a big difference. A recent report published by the US Ponemon Institute calculates that when an intrusion is found in less than 100 days, the average cost is $2.8 million. When detection takes longer than 100 days, the expense jumps to $3.8 million.
Read more about our emphasis on security here, our security standards here and our security services here!
You’ve done your homework and decided your company needs a Security Operations Center (SOC) to keep yourself protected and your customers’ data secure. You have a few options available: should you build your own SOC or find a provider for SOC as a service? The benefit of having your own SOC is having your own […]
Your company has digital assets that need to be protected. GDPR requires that a company detect any security incident involving personal data and report them within 72 hours, so you also have a legal obligation to be secure. You have responsibly defended yourself with cyber security tools like firewalls, antivirus and intrusion detection. So you’re […]
You’re working to keep your company secure. You have all the right tools and decided that you need a Security Operations Center (SOC). You’ve done your research and decided that SOC as a service is right for you. But what do you look for in a SOC provider? Judge your friends by the company they […]
This blog post is a summary of this week’s Information Security News put together by our Security Incident Response Team (SIRT). Security Affairs gives you some insight to which industries that have to fight the hardest against cyberattacks… “Society’s dependence on internet-based technologies means security professionals must defend against cyberattacks as well as more traditional […]
In this monthly post, we try to make you aware of five different security related products. This is a repost from my personal website Ulyaothroducts. This month we have choosen for the following: * ModSecurity * Snort * OSSIM * Nmap * Osquery ModSecurity ModSecurity is a WAF module that can be used for various […]
The digital transformation is speeding up and the world is increasingly running on data. In its wake cyber criminals are getting a whole lot smarter and over the past year we’ve seen massive ransom- and malware attacks resulting in global headlines, and cybersecurity is now a priority for everyone. But building huge walls in order […]
This blog post is a summary of this week’s Information Security News put together by our Security Incident Response Team (SIRT). Cisco Talos has published details regarding an APT campaign using DNS redirection and a malware they call DNSpionage. The malware supports both regular HTTP and also DNS tunneling as a way of communicating back […]
Unsolicited use of personal data can cause great reputational damage. Some companies discover this the hard way. On top of that, new laws on data protection came into effect in May. How should a responsible company act? By now, many organizations that store and use personal data have taken the necessary steps to ensure compliance […]
Is your company fit for the future? What do you need to look out for to accelerate digitization and drive innovation? The Digital Ability Report 2018 by Basefarm provides well-founded answers and valuable insights. This summer, we did a survey to find out the current state of digital maturity of companies and the criteria that […]
This blog post is a summary of this week’s Information Security News put together by our Security Incident Response Team (SIRT). Twice a year, an international contest called Pwn2Own – the Olympic Games of competitive hacking, if you like – gives the world’s top bug-hunters a chance to show off their skills. The word pwn, […]
Faster time to market with automated workflow 
https://unsplash.com/license