Security: 3 things to know, 3 things to do

• The lowdown on the top three issues plaguing security experts
• And the three things organisations need to do

DECEMBER is the time of the year when looking back is on almost everyone’s checklist. My checklist, by the nature of my job, was spent reflecting on security in our digitally driven world.
 
What I’ve become acutely aware of this year was the exponential surge in data and connectivity everywhere. In parallel with the explosive growth of data and connectivity, was the rise in security threats across all platforms.
 
2015 was a definitely a challenging year given the rise of insider threats, spike in malware, sophisticated stealth tools, and morphing attacks experienced by big and small organisations. No one was spared, not even the consumer.
 
READ ALSO: Symantec’s future guided by four priorities, says senior exec
 
Here’s a lowdown on the top three issues plaguing security experts:
 
1) It was kiddies, no kidding
 
Many organisations experienced security incidents as a result of amateurish script kiddies, but their investigations uncovered a more malevolent threat in the form of an organised cybercriminal.
 
These ‘onion-layered’ security incidents caught most organisations by surprise.
 
Underlying the script kiddies were cybercriminals who use a sophisticated combination of commercial tools, malware/ rootkits and backdoors to increase their access level on the client’s network and compromise additional systems over several weeks of expansion.
 
The attackers are able to comprise systems by taking advantage of old and unpatched systems exposed to the Internet, or the careless security specialist who isn’t paying full attention to the network.
 
2) Ransomware rising
 

 
Sometimes, what is worse than wreckage caused by a hack is a malicious code that holds data at ransom until money is paid to decrypt it.
 
This happens when a system is prone to security and procedural breakdowns leading to recurring infections. Just like a recurring flu, unless the fundamental cause is addressed, it won’t get better.
 
Ransomware is on the rise and the danger is real especially with more people transacting on the mobile platforms.
 
According to the US Federal Bureau of Investigation’s Cryptowall report, ransomware attacks have netted hackers more than US$18 million from 2014 to 2015.
 
Our researchers believe that ransomware will remain a threat and profitable business for cybercriminals in 2016, migrating to mobile devices as well.
 
What is worse is that a malicious trojan can reside undetected in the system – for months – only to strike when least expected. Victims would suffer undue damage due to their own ignorance.
 
If victims continue to slack off and are not vigilant about patching their system, they stand to lose precious data – especially if they don’t do regular backups.
 
3) It’s dangerous inside
 
The scenario does not get better. Our study also found that disgruntled employees are threats to the system as well.
 
The study revealed that 55% of all attacks last year was carried out by ‘insiders’ or individuals who had insider access to an organisation’s system.
 
Careless practices such as bad password policies and the lack of accountability among employees compounds the issue. Such habits make it easy for insiders to slip under the radar.
 
Most organisations also suffer the illusion that all is well if a terminated employee has been cut off. Little do they realise that the former employee may have installed remote administration tools (RATs) to gain access long they have left the building.
 
3 things to do
 
The future may look bleak but there are ways to stay safe. There are three things an organisation can do:
 

1. Hold mock tabletop exercises, including stress tests, educational scenarios, technical and non-technical discussions, and cross-functional reviews.
2. Initiate incident response plans, because the ability to respond quickly and efficiently may mean the difference between a short-duration event with limited impact and a long-running disaster.
3. Red-flag to indicate a compromise has happened. Indicators include unusually high network traffic, anomalies in user activity, surges in database read volume, mismatched port-application traffic, web traffic with superhuman behaviour. The list goes on.

Essentially, organisations need to go back to basics. The good news is that 85% of the C-suite is supportive, with 88% saying that their security budgets have increased.
 
Nigel Tan is the security leader at IBM Asean.
 
Related Stories:
 
The threat landscape runneth over, here’s what we need to do
 
The six domains of network security, and fighting IT
 
Plugging the gaps in today’s threat landscape
 
Privileged accounts and insider threats
 
 
For more technology news and the latest updates, follow us on Twitter, LinkedIn or Like us on Facebook.