In 2018, 1.3 million users of a UK clothing and accessories website had their private data exposed due to a security breach through a service provider that was hosting their information.
In December of the same year, a ransomware variant was suspected of instigating an attack on major US newspapers, causing delays in the printing and delivery of several broadsheets by almost half a day.
Prior to that, FedEx lost $300M in a 2017 ransomware attack, effectively decreasing their reported profits in that year’s third quarter.
This is where malware attacks are heading. Cyber criminals are getting bolder and more innovative in their objective to divest businesses of their hard-earned finances. But if you are thinking that ransomware is the only thing growing by the day, think again.
Malwarebytes’ 2019 report shows a different trend. A study conducted by the security vendor revealed that the rise of bitcoin technology in the financial sector paved the way for the rise of crypto miners.
Using the above data, we can clearly see how cyber criminals have shifted their focus from individual consumers and end users to medium-sized and large enterprises. This raises the question: why take the risk, knowing that these businesses have the money to spend on IT security? Simple. They know that IT security is the weakest link of every enterprise.
You see, most businesses right now are content with having a complete anti-virus enterprise suite protecting their infrastructure. They are of the mentality that having endpoint security, perimeter protection, and vulnerability management processes installed and implemented is enough to secure them. This has proven to be far from the truth, judging by what is currently sweeping the industry.
Once ransomware and crypto miners get hold of your system, they effectively render it unusable until you have paid their financial demand. It could mean days of downtime if you decide to play tough. Or it could be a loss of integrity and credibility for your company, not counting the financial setback, of course. And in an industry that is very unforgiving when it comes to loss of integrity and credibility, it could mean the death of your rising empire.
So, how do we approach it moving forward?
Short answer: there’s no one solution to it.
Long answer: it could be through the implementation of better IT security processes, the deployment of dependable software security monitoring suites, the adoption of a rigid disaster recovery program, or it could be a combination of all of these.
IT security threats have grown by leaps and bounds. And quite honestly, IT security processes and programs are a bit slow in catching up. So, the best way to combat these threats is by crafting a strategy that would empower not just your company’s hardware to fight off these attacks, but also your people, who are probably the weakest point of your IT security system.
An intensive cyber security campaign focussed on educating users about the do’s and don’ts in IT security should be a priority. On-boarding qualified IT security professionals should be done to ensure that the company has knowledgeable personnel who could protect their assets. It would also help a lot if the company hires a CIO or CSO who would ensure IT security is taken into account in high-level decision-making (read: budget). And last but not least, a complete and extensive program should be adopted, one that addresses both the technical and business aspects of IT security.
Educate. Train. Recover. Defend. Protect.
That’s how IT security should evolve. That’s how it should be beyond today’s sunset.