<div dir="ltr"><span style="color:rgb(0,0,255)"></span><a href="http://www.itproportal.com/2016/03/18/what-weve-learned-from-malware-epidemics/">http://www.itproportal.com/2016/03/18/what-weve-learned-from-malware-epidemics/</a><br><p>Cybersecurity breaches are the norm rather than the exception today,
although they have changed over the years. They’re rarely the <a href="https://business.kaspersky.com/where-have-all-those-malware-epidemics-gone/2571/" target="_blank">worms</a> of early 2000’s fame.</p>
<p>Instead, malware programs lie in wait – sometimes for months at a
time – before springing forth to capture personal identity information
(PII), syphon money to undisclosed locations and accounts, and wreak
havoc around the cyber-sphere.</p>
<p><span class=""></span></p>
<p>Over the course of the last decade, as cybersecurity breaches have
become more invasive, everyone on the web has been forced to adapt.
Indeed, some of the most malicious malware attacks in recent years have
incited a major reevaluation of how corporations, security
professionals, and individual users approach data management and
protection.</p>
<h3><strong>Major Malware Hacks in the 21st Century </strong></h3>
<p>The Apple <a href="http://www.usatoday.com/story/tech/news/2016/03/07/first-ransomware-macs-surfaces-and-killed-off/81436340/" target="_blank">ransomware issue</a>
that occurred a few weeks back is just the latest in a slew of
cybersecurity attacks. Other notable malware attacks include the
following:</p>
<ol><li><strong>Apple and the Flashback Trojan</strong>: Mac users once believed their devices were impervious to attack until they met the <a href="http://www.zdnet.com/article/new-mac-malware-epidemic-exploits-weaknesses-in-apple-ecosystem/" target="_blank">Flashback Trojan</a> in 2012. The most frightening aspect of this attack is that it required no user interaction in order to spawn.</li><li><strong>Sony Entertainment Pictures and the Destover Wiper</strong>:
The Sony hack is considered as one of the worst data violations of all
time. Hundreds of employee records were breached, as well as
confidential emails and project files.</li><li><strong>Target and BlackPOS</strong>: Target’s infamous
cybersecurity breach, which occurred during the 2013 holiday season and
affected millions of customers, happened as a result of an affiliate
company being compromised via malware. The breach cost Target an
estimated $162 million and ended in resignations of both the CIO and
CEO.</li></ol>
<p>These new malware breach tactics are cause for concern. It’s no longer enough to <a href="http://www.networkworld.com/article/2931587/network-security/breach-detection-five-fatal-flaws-and-how-to-avoid-them.html" target="_blank">protect the perimeter</a>,
putting up what co-founder and CEO of the security company Cybereason
Lior Div calls a “moat and castle” defense. Instead, Div says,
information security professionals should adopt a “1,000 points of
light” model to better safeguard business ecosystems against threats
that may be working from the inside out.</p>
<h3><strong>Changing Tactics to Defend Against Malware Attacks</strong></h3>
<p>Higinio “H.O.” Maycotte, founder and CEO of Umbel, compares fighting
attacks like those listed above to chasing bacteria with antibiotics. <a href="http://insights.wired.com/profiles/blogs/8-infamous-data-breaches-that-help-build-our-collective-data#axzz41kZrtXsl" target="_blank">Security breaches</a>
are continuously evolving, requiring programmers to stay vigilant and
think of more innovative solutions, particularly as hackers add attacks
on smartphones and connected devices to their arsenals.</p>
<p>Fortunately, every malware attack offers opportunities to improve <a href="http://www.bestsatelliteproviders.com/internet-security-tips/" target="_blank">Internet security practices</a>
and processes related to mobile devices and identity and access
management. Here’s a look at some developing cybersecurity tactics and
how they can help make the web more secure for all users.</p>
<ol><li><strong>Shifting to an Already Compromised Mindset</strong>. Attacks
don’t come exclusively from outsider threats — they come from inside
organisations, too. As a result, security professionals have started
focusing on what to do <em>when</em> a breach happens, rather than <em>if</em>
a breach happens. This means preemptively setting up internal system
limits to prevent a breach in one area from allowing access to data
elsewhere, effectively limiting the extent of a potential hack.</li><li><strong>Conducting Security Risk Analyses</strong>. Audits and
analyses should take place regularly, much like an annual visit to the
doctor. Companies who do a regular audit of security practices and
processes will be able to identify and address potential
vulnerabilities.</li><li><strong>Developing Best Security Practices</strong>. Every business,
big or small, should start to think about vendors’ security practices,
internal rules about data storage and transmission, and basic email and
Internet safety. These processes should be kept in a living document so
that they can be updated quickly and disseminated easily.</li><li><strong>Managing and Monitoring Access</strong>. Greater breach risk
means that disorganised identity and privilege management is no longer
an option. Proper monitoring improves security for a business because
it’s clear who has access to what information. If a breach occurs, it’s
easy to track down the culpable device, if not the person responsible.</li><li><strong>Investing in Security Awareness and Training</strong>.
Employees who compromise security rarely mean to put their employer at
risk — often they’re just trying to get their work done. Corporations
can minimise this risk by offering extensive security training and
providing the tools and resources needed to protect company assets from a
breach.</li><li><strong>Automating Security Monitoring Wherever Possible</strong>.
Given the scope of most companies’ data holdings, exclusively manual
monitoring isn’t enough. Without automation, a security team could waste
a lot of time chasing false leads. To combat this, companies should
start using automated monitoring, which can help document escalations.</li><li><strong>Focusing on the Entire Attack</strong>. Much like a fever
shows that a patient has an infection running rampant somewhere in their
body, so do malware symptoms indicate deeper complications. Issues may
manifest in one location, but it’s likely there are problems elsewhere
as well. A thorough investigation beyond the apparently affected area
can prevent further damage down the line.</li><li><strong>Learning From Others</strong>. Malware attacks often move in
trends — similar variations of a single program may be used to attack
several different brands or applications. As a result, it’s imperative
that information security teams stay abreast of recent hacks and
breaches. A company may be able to boost its defenses by avoiding the
mistakes a compromised brand made.</li><div class="">
</div><li><strong>Developing a Response Plan</strong>. Hearkening back to the
first point on this list, it’s unacceptable to be unprepared for a
breach. Companies should have a plan in place in case a cybersecurity
hack occurs. It’ll mitigate downtime and prevent more data from leaking.</li></ol>
<p><span class=""></span></p>
<p>Malware epidemics may be the new norm, but information security
professionals aren’t sitting idly by. With a proactive approach and an
adaptable mindset, corporations and security teams can buck the trend of
cybersecurity breaches and provide better protection for users
worldwide.</p>
<em></em></div>