sb-nz logo
Story image

Opportunistic cyber attacks most dangerous, says SecureWorks report

17 Feb 2017

SecureWorks’ latest security report shows that there is a way for organisations to fight back against opportunistic cyber attacks. And what’s more, the security industry hasn’t served in the best interests of those it is trying to protect.

The company released its 2017 Cybersecurity Threat Insight Report Leaders: Partnering to Fight Cybercrime this month.

“In essence, the industry has not served the best interests of the organisations it promised to protect. Somewhere along the way—as is true in many other industries— serving customers simply became strong security postures. But none of the layers were ever removed, and the supporting resources to implement processes to tune, monitor and action the output of those technologies was often absent,” the report says.

The report shows that opportunistic attacks account for 88% of all attacks, while targeted threats account for 12%. The company says organisations are putting too much emphasis on advanced threats, when instead there is more risk in commodity threats.

Ransomware also plays a major role in the report, with an average 75% monthly increase in ransomware attacks. There is no specific vertical being targeted, so all organisations should plan for ransomware prevention and response.

“Based on the lessons identified during recent incident response scenarios, actions such as rights minimization, response planning, user education and frequent, segregated backups would have had the most significant defensive impact,” the report says.

It also goes on to state that organisations put too much trust in partners’ and affilliates’ security operations. This is dangerous because there should not be any assumption that third party security is as robust as the organisation’s own strategies.

A Bomgar report found that 92% of respondents trusted vendors completely or most of the time, and 67% saying they trust vendors too much.

“With the rise of breaches attributed to third parties, organisations need to start focusing on the selection and governance of these partnerships, rather than blindly trusting their partners’ security controls. Developing focused and structured relationships will help manage these risks,” the report says.

The company believes organisations must take a strategic approach to security, including characteristics such as:

  • A risk-based strategy formed from identifiable risks
  • A pragmatic strategy that prioritises actions that reduce the greatest risk first
  • Don’t put compliance first: Focus on security, and compliance will follow. It doesn’t work the other way around
  • Put people and processes before tools and technology. Building a culture of security is a difficult task, but inviting people from finance, HR, legal and other areas to discussions can help sell security to the rest of the organisation.
Story image
NortonLifeLock introduces dark web monitoring to its security suite
Dark Web Monitoring Powered by LifeLock will be capable of monitoring the dark web, searching for over 120 personal identifiable information including email, physical address, phone number, driver licence number, credit card or bank account numbers and gamer tags.More
Story image
Report: Rushing into cloud migration directly related to security issues
A new report from Radware highlights the impact of COVID-19 on organisations compelled to digitally transform in order to maintain business continuity. More
Story image
Evolving threat landscape top priority for security and risk leaders
"COVID-19 has proved how rapidly and how drastically such risks can change."More
Story image
Check Point acquires Odo Security to bolster remote security offering
The deal will integrate Odo’s remote access software with Check Point’s Inifinity architecture, bolstering the latter company’s remote security capabilities in a time where working and learning from home has become the norm, and looks to largely remain that way in the near future.More
Story image
NZTech chief hopeful for greater diversity in tech sector
With the most diverse board ever, Muller has released a statement that highlights greater inclusion as the tech sector thrives in a pandemic-hit NZ.More
Story image
Proofpoint and CyberArk extend partnership to further safeguard high-risk users
“Our CyberArk partnership extension provides security teams with increased detection and enhanced adaptive controls to help prevent today’s most severe threats."More