Complacency is no longer an option in 2015 for enterprise cybersecurity
Prolific cyberattacks against Sony capped off one of the biggest years on record for cyber security. Approximately 100 terabytes of data were compromised and up to €90 million in damages were inflicted during this headline-grabbing incident. The Trend Micro annual security roundup report, “The High Cost of Complacency,” analyzes this and other notable activity throughout 2014. The year’s happenings reinforced that cybercriminals are relentless, with ever-increasing levels of sophistication and tenacity.
Report highlights include:
- No threat is too small. It did not take a sophisticated piece of malware to cripple a target. Attackers are using a simple wiper to breach a company’s defenses with devastating effects.
- PoS RAM scrapers came close to becoming a mainstream threat in 2014, as several high-profile targets lost millions of customer data to attackers month after month.
- Software and platforms not thought to be at risk proved that no application was invulnerable in 2014.
- Online and mobile banking faced bigger security challenges, proving that two-factor authentication was no longer enough to secure sensitive transactions.
- Ransomware became a bigger and more sophisticated threat across regions and segments. Unlike older variants, newer ones no longer just issue empty threats but actually encrypt files.
This report by Trend Micro, which has EMEA headquarters in Cork, shows how destructive attacks could be to individuals and companies alike in 2014.
The effects of losing massive amounts of confidential data to attackers, such as substantive financial losses and irreparable reputation damage, ran rampant throughout the year. The severity of the attacks and their effects revealed one thing – the risks of becoming the next victim of a cyber attack have gone even higher.
Various companies suffered financial, legal, operational, and productivity losses after getting hit by massive data breaches. Breaches across industries aided by point-of-sale (PoS) RAM scrapers, for one, increased in number in 2014. The year was not solely marred by the biggest breaches seen to date, though: attacks were also seen targeting vulnerabilities like Heartbleed and Shellshock in widely used open source software previously considered secure, as well as FakeID and Same Origin Policy (SOP) Bypass in mobile devices and platforms. Established processes like two-factor authentication also proved vulnerable to threats, as evidenced by attacks instigated by the criminals behind Operation Emmental.
As years pass, we are bound to see more crippling attacks against both likely and unlikely targets. Attackers will always train their sights on one thing: profit. They will continue to indiscriminately hit data gold mines because peddling stolen information is a lucrative business, as evidenced by the thriving cybercriminal underground economy.
“It is everybody’s job, not just those of IT professionals, to ensure that the company’s core data stays safe. All in all, it’s a combination of identifying what’s most important, deploying the right technologies, and educating users,” said Raimund Genes, CTO, Trend Micro.
Additional findings include confirmation of Trend Micro’s late 2013 prediction that one sizable data breach would occur every month, further solidifying the need for organizations to protect their networks and implement intrusion detection.
“The past year was unprecedented in terms of the size and scope of cyber attacks, as evidenced by the Sony situation. Merely dealing with threats as they surface is no longer enough; acting on risk assessment results prior to security incidents is actually more beneficial. Organizations need to rethink their current cybersecurity investments so they can easily respond to and mitigate attacks. Planning ahead so they can instantly take action if they need to is critical because these kinds of cyber attacks can happen to companies in any industry and of whatever size,” said Simon Walsh, Senior Engineer at Trend Micro’s EMEA headquarters in Cork.
A blog post regarding the report can be viewed here.