sb-au logo
Story image

Opportunistic cyber attacks most dangerous, says SecureWorks report

17 Feb 2017

SecureWorks’ latest security report shows that there is a way for organisations to fight back against opportunistic cyber attacks. And what’s more, the security industry hasn’t served in the best interests of those it is trying to protect.

The company released its 2017 Cybersecurity Threat Insight Report Leaders: Partnering to Fight Cybercrime this month.

“In essence, the industry has not served the best interests of the organisations it promised to protect. Somewhere along the way—as is true in many other industries— serving customers simply became strong security postures. But none of the layers were ever removed, and the supporting resources to implement processes to tune, monitor and action the output of those technologies was often absent,” the report says.

The report shows that opportunistic attacks account for 88% of all attacks, while targeted threats account for 12%. The company says organisations are putting too much emphasis on advanced threats, when instead there is more risk in commodity threats.

Ransomware also plays a major role in the report, with an average 75% monthly increase in ransomware attacks. There is no specific vertical being targeted, so all organisations should plan for ransomware prevention and response.

“Based on the lessons identified during recent incident response scenarios, actions such as rights minimization, response planning, user education and frequent, segregated backups would have had the most significant defensive impact,” the report says.

It also goes on to state that organisations put too much trust in partners’ and affilliates’ security operations. This is dangerous because there should not be any assumption that third party security is as robust as the organisation’s own strategies.

A Bomgar report found that 92% of respondents trusted vendors completely or most of the time, and 67% saying they trust vendors too much.

“With the rise of breaches attributed to third parties, organisations need to start focusing on the selection and governance of these partnerships, rather than blindly trusting their partners’ security controls. Developing focused and structured relationships will help manage these risks,” the report says.

The company believes organisations must take a strategic approach to security, including characteristics such as:

  • A risk-based strategy formed from identifiable risks
  • A pragmatic strategy that prioritises actions that reduce the greatest risk first
  • Don’t put compliance first: Focus on security, and compliance will follow. It doesn’t work the other way around
  • Put people and processes before tools and technology. Building a culture of security is a difficult task, but inviting people from finance, HR, legal and other areas to discussions can help sell security to the rest of the organisation.
Story image
Security training and tech: Empowering staff in a hybrid work environment
As employees travel back and forth between home and the workplace, are they walking through the door with cyber threats sitting on their devices?More
Story image
Fortinet’s ‘zero trust’ approach redefining security
Cornelius Mare, Fortinet A/NZ Director, Security Solutions, explains why taking a ‘zero trust network access’ approach to cybersecurity requires fully-integrated and comprehensive security services and policies.More
Story image
APAC organisations struggle to find balance between digital adoption and cybersecurity
Organisations in the Asia Pacific (APAC) region are significantly concerned about security threats, but nevertheless are looking to advance operations through digital adoption.More
Story image
Netlinkz revenue surges 846% as secure enterprise cloud technology gains traction
Executive chairman James Tsiolis believes this growth is the start of something much bigger.More
Link image
Webinar: Best practices for managing disparate security solutions
As budgets get more constrained, the emphasis shifts from merely finding threats to increased efficiency in managing security operations. Learn how to juggle a crowded field of solutions.More
Story image
Malware and email scams targeting employees spread rapidly in Q2
"Businesses must stay alert and should employ defense-in-depth tactics and equip themselves with multilayered security mechanisms, including high-sensor spam filters and a VPN connection, which would prevent malicious pages from opening."More