It's a new year, and with every new beginning there is always excitement and optimism for great things to happen. In the previous year, there were a lot of technology innovations that changed how we interact and conduct business. Closely related to that were the cyber threats that organizations and individuals faced, and unfortunately it won't be different in 2017.
Ransomware, one of the most vicious cyber threats
2016 was labelled the year of ransomware, and that's not going to change soon. The malware has so far been one of the most dangerous menaces in the threat landscape. The attacks went up, the ransoms demanded went up too, and every payment made gave criminals an incentive to improve their techniques to avoid detection.
Ransomware is reaching maturity. The majority of malware delivered through phishing emails and exploit kits is ransomware. The malware has proved to be not only effective but also rewarding to cyber criminals, hence the scale of the business.
New variants of ransomware will appear, and new features will be added to make the malware more efficient and help it avoid detection. With demand for it rising, supply will be readily available, as there are already sites offering ransomware-as-a-service. The creators of the malware sell it to a distribution channel (who don't even need to be technical) and earn a cut of the distributors' profits. The commercialization of ransomware creates a huge challenge for organizations, as the threat landscape is sophisticated and traditional security controls will not be effective.
Kenya, Liberia, DR Congo, Senegal, Rwanda and other countries will be going to the polls later in the year. The US is still recovering from the 'Grizzly Steppe' cyber attack, where Russia has been blamed for infiltrating the elections and attacking political parties to influence the outcome. The countries going to the polls need to have their guard up to avoid such attacks, some of which could come from internal sources. Given the nature of politics in Kenya, expect lots of propaganda and data leakage from political parties and from the electoral body (IEBC). Political parties need more than a guard at the gate or a firewall to secure their strategies within the confines of the HQ. Thanks to spear phishing, staff members of a political party may just give out all its secrets to the opponent.
Political parties need to control access to confidential data, secure the devices (including mobile) used to access the data and, of course, make their staff aware of cyber threats, especially phishing. It's prudent to conduct a security assessment whose outcome will reveal vulnerabilities that can be sealed off before it's too late.
Back to the basics (Confidentiality, Integrity & Availability - CIA)
Ransomware is a reminder of the importance of the A (Availability) in the CIA triad. There is always a perception that adversaries target C and I (which holds some truth); however, given the menace caused by ransomware and DDoS, there is a need for balance. Downtime has a significant correlation with loss of revenue for an organization. If an organization can't run operations (e.g. produce or serve customers), that has a direct impact on profitability, considering that the overheads remain constant.
Given that there is a clear and significant correlation between downtime and loss of revenue, organizations need to focus on avoiding outages from availability attacks. Ideally it should be a top priority for the organization. Availability attacks will be on the rise this year, hence organizations need to ensure they mitigate the threats before they are hit.
Fighting the unknowns
The threat landscape has become so sophisticated that traditional end-point solutions can't detect the threats of the day. It's a daunting task trying to keep up with malicious actors; despite heavy investment in cyber security, organizations still get compromised. In the case of ransomware, where new variants keep being released, signature-based solutions can't protect an organization from such an attack. The majority of organizations are caught off guard by new variants of ransomware despite having defense solutions.
Security analytics solutions will gain traction given the loopholes in signature-based solutions. It will not be enough to keep systems up to date and have solutions to detect adversaries. User Behavior Analytics (UBA) works by setting baselines to determine what's acceptable, then labeling anything that falls outside them as malicious. RansomFree by Cybereason is one of the tools using behavioral analytics to protect against ransomware. It can stop up to 99% of ransomware strains and, guess what, it's free!!!
UBA will also provide early detection of internal fraud in organizations, which is another pain. The insider is trusted and authorized to access data and carry out transactions as per their job role requirements. The insider knows where the "crown jewels" are stored. It's difficult to detect when they go rogue, and the end results are catastrophic. UBA will detect insider threats at very early stages, preventing fraud.
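The baselining idea described above, as an added example (not code from this article or from any product it names): each user's normal hourly file-modification count is learned from history, and a new hour is flagged when it sits far above that user's own baseline. The event data, the user names and the threshold of 6 are assumptions constructed for illustration.

```python
from collections import defaultdict
from statistics import median

# Constructed sample data: (user, hour, files modified in that hour).
# Hours 0-7 form the baseline window; hour 8 is the activity being scored.
BASELINE_EVENTS = (
    [("alice", h, n) for h, n in enumerate([12, 9, 15, 11, 10, 14, 13, 12])]
    + [("bob", h, n) for h, n in enumerate([40, 35, 42, 38, 41, 37, 39, 40])]
)
NEW_EVENTS = [("alice", 8, 950), ("bob", 8, 44), ("carol", 8, 5)]


def build_baselines(events):
    """Return {user: (median, MAD)} of hourly file-modification counts."""
    per_user = defaultdict(list)
    for user, _hour, count in events:
        per_user[user].append(count)
    baselines = {}
    for user, counts in per_user.items():
        med = median(counts)
        # Median absolute deviation: a spread measure that one past
        # outlier in the baseline window cannot inflate.
        mad = median(abs(c - med) for c in counts)
        baselines[user] = (med, mad)
    return baselines


def classify(baselines, events, threshold=6.0):
    """Label each event 'normal', 'anomalous' or 'no-baseline'."""
    verdicts = {}
    for user, _hour, count in events:
        if user not in baselines:
            # A user with no history cannot be judged against a baseline;
            # surface that separately instead of guessing.
            verdicts[user] = "no-baseline"
            continue
        med, mad = baselines[user]
        # 1.4826 * MAD approximates a standard deviation; the floor of 1
        # avoids dividing by zero for a perfectly steady user.
        spread = max(1.4826 * mad, 1.0)
        score = (count - med) / spread
        # Only bursts above the baseline are flagged: mass file rewrites
        # are the behaviour of interest for ransomware.
        verdicts[user] = "anomalous" if score > threshold else "normal"
    return verdicts


if __name__ == "__main__":
    print(classify(build_baselines(BASELINE_EVENTS), NEW_EVENTS))
```

Because the baseline is per user, bob's 44 files in an hour is normal for him even though it would be well outside alice's usual range.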
IoT attacks to increase
Enterprises are quickly adopting IoT devices to collect data, for example from industrial plants, to monitor patients in hospitals, and to automate and monitor pretty much everything imaginable on their premises. These devices end up connected to the enterprise network, and the downside is that developers do not put much consideration into security. By that virtue, IoT devices create a new attack vector for malicious actors to gain access to the organization.
IoT devices have penetrated the home market too. It's convenient to check what's missing in a smart fridge while shopping at the mall. However, you may end up being a victim of identity theft which could have originated from your smart fridge. Internet access in homes is close to a basic utility, and more home owners prefer WiFi so as to connect their smart devices. On the downside, the internet providers don't offer any security solutions to the naïve home owners, leaving them at the mercy of malicious actors.
IT Security Budget
CIOs and CISOs will have to bargain for a higher allocation in their budgets. Traditional security controls will not keep cyber threats at bay, and more investment needs to go into analytics and user awareness. The adversary is more vicious and evolving very fast, hence more investment is required for defense, incident response and continuous monitoring.
SMEs will continue to be hit hard thanks to their low guard and minimal investment in cyber security. With a minimal budget, it's wise for SMEs to outsource security to a Managed Service Provider (MSP). Security as a Service is ideal for SMEs, as it's costly to set up, run and manage their own Security Operations Center (SOC). In addition, the cost associated with cyber crime is growing exponentially, which can make some SMEs go out of business.
Cyber Risk Insurance
All you can do is all you can do but all you can do is enough -Arthur L. Williams Jr.
Despite having the best defense strategy and taking all measures to keep cyber threats at bay, at one time or another the adversary will be ahead of your strategy. Costs associated with breaches will skyrocket given the commercialization of cyber crime as well as the sophistication of the threat landscape. Transferring the risk to a cyber risk insurer comes in handy in such times.
From the onset, the insurer guides the organization in determining its value at risk based on organization valuation, IT investment, defense and control measures, and exposure risk. The goal is to reduce the value at risk and finally offer a policy that covers the policy holder against cyber-related risks.
Cyber Risk Insurance will gain popularity given the dynamics of threats and the costs associated with breaches, both before and after the breach. Cyber security is now a boardroom discussion, where the C-suite is recognizing the risk of data breaches and the financial implications behind them. The discussion is now shifting towards seeking insurance policies to ensure their businesses are protected in the event of a security breach.
2018 © Villbo Group Limited.