The latest threat reports are in! Are you preparing your business against future cyber-security threats? Predictions for 2019, phishing attacks, & more!
See what cyber-trends this past year has brought us and what predictions are made for 2019. Will there be an increase in phishing attacks? Ransomware? Will there be different vulnerabilities to ward off?
Joseph Bruemmer with Data Privacy Monitor and Baker & Hostetler revealed the upcoming cyber-threat challenges that 2019 may bring in Cybersecurity Firms Issue Annual Threat Reports:
CrowdStrike, FireEye and IBM Security recently released their annual threat reports. These threat reports contain a wealth of information on recent trends in cybersecurity attacks and recommendations on the preventive measures companies can take to protect themselves. As attackers’ tactics, techniques and procedures continue to evolve, and as the attack surface of organizations continues to grow, it is increasingly important that companies stay up to date on these matters.
According to the reports’ authors, 2018 saw some notable changes in attackers’ focus and methodologies. They are increasingly “living off the land” by using common tools already existing on systems to achieve their goals. The use of scripting techniques, including PowerShell, command-line interface and similar techniques, has moved to the fore as a favored approach of attackers, reducing the efficacy of traditional methods of protection.
Phishing attempts, including those involving business email compromise scams, and misconfigured systems, servers and cloud environments continue to present some of the largest risks of compromise to organizations. Indeed, based on a 2018 survey, one researcher concluded that misconfigurations represent the single biggest risk to cloud security. Attackers are also targeting suppliers and other third-party providers, broadening organizations’ potential exposure. Ransomware, while still popular, is being overtaken by
To reduce the risks posed by these developments, the authors recommended that organizations take the following actions, among others:
- continue user awareness training and test campaigns with updated phishing techniques to educate their workforces;
- enable multifactor authentication on O365;
- enable audit logging on O365;
- implement a robust privilege access management process, which will limit the damage that attackers can inflict if they do gain access to an organization’s systems and will limit the attackers’ ability to move laterally;
- check and monitor settings on cloud service architecture and not maintain default settings; and
- thoroughly vet third-party providers before they are engaged to ensure that they have robust security programs and continuously monitor them for compliance throughout the life of the business relationship.
Copies of the Threat Reports can be found here:
Bruemmer, J. L. (2019, March 12). Cybersecurity firms issue annual threat reports. Data Privacy Monitor.