[BreachExchange] What we’ve learned from malware epidemics

Inga Goddijn inga at riskbasedsecurity.com
Fri Mar 18 16:17:24 EDT 2016


http://www.itproportal.com/2016/03/18/what-weve-learned-from-malware-epidemics/

Cybersecurity breaches are the norm rather than the exception today,
although they have changed over the years. They’re rarely the worms
<https://business.kaspersky.com/where-have-all-those-malware-epidemics-gone/2571/>
of early-2000s fame.

Instead, malware programs lie in wait – sometimes for months at a time –
before springing forth to capture personal identity information (PII),
syphon money to undisclosed locations and accounts, and wreak havoc around
the cyber-sphere.

Over the course of the last decade, as cybersecurity breaches have become
more invasive, everyone on the web has been forced to adapt. Indeed, some
of the most malicious malware attacks in recent years have incited a major
reevaluation of how corporations, security professionals, and individual
users approach data management and protection.

*Major Malware Hacks in the 21st Century*

The Apple ransomware issue
<http://www.usatoday.com/story/tech/news/2016/03/07/first-ransomware-macs-surfaces-and-killed-off/81436340/>
that occurred a few weeks back is just the latest in a slew of
cybersecurity attacks. Other notable malware attacks include the following:

   1. *Apple and the Flashback Trojan*: Mac users once believed their
   devices were impervious to attack until they met the Flashback Trojan
   <http://www.zdnet.com/article/new-mac-malware-epidemic-exploits-weaknesses-in-apple-ecosystem/>
   in 2012. The most frightening aspect of this attack is that it required no
   user interaction in order to infect a machine.
   2. *Sony Entertainment Pictures and the Destover Wiper*: The Sony hack
   is considered one of the worst data violations of all time. Hundreds of
   employee records were breached, as well as confidential emails and project
   files.
   3. *Target and BlackPOS*: Target’s infamous cybersecurity breach, which
   occurred during the 2013 holiday season and affected millions of customers,
   happened as a result of an affiliate company being compromised via malware.
   The breach cost Target an estimated $162 million and ended in resignations
   of both the CIO and CEO.

These new malware breach tactics are cause for concern. It’s no longer
enough to protect the perimeter
<http://www.networkworld.com/article/2931587/network-security/breach-detection-five-fatal-flaws-and-how-to-avoid-them.html>,
putting up what co-founder and CEO of the security company Cybereason Lior
Div calls a “moat and castle” defense. Instead, Div says, information
security professionals should adopt a “1,000 points of light” model to
better safeguard business ecosystems against threats that may be working
from the inside out.

*Changing Tactics to Defend Against Malware Attacks*

Higinio “H.O.” Maycotte, founder and CEO of Umbel, compares fighting
attacks like those listed above to chasing bacteria with antibiotics. Security
breaches
<http://insights.wired.com/profiles/blogs/8-infamous-data-breaches-that-help-build-our-collective-data#axzz41kZrtXsl>
are continuously evolving, requiring programmers to stay vigilant and think
of more innovative solutions, particularly as hackers add attacks on
smartphones and connected devices to their arsenals.

Fortunately, every malware attack offers opportunities to improve Internet
security practices
<http://www.bestsatelliteproviders.com/internet-security-tips/> and
processes related to mobile devices and identity and access management.
Here’s a look at some developing cybersecurity tactics and how they can
help make the web more secure for all users.

   1. *Shifting to an Already Compromised Mindset*. Attacks don’t come
   exclusively from outsider threats — they come from inside organisations,
   too. As a result, security professionals have started focusing on what to
   do *when* a breach happens, rather than *if* a breach happens. This
   means preemptively setting up internal system limits to prevent a breach in
   one area from allowing access to data elsewhere, effectively limiting the
   extent of a potential hack.
   2. *Conducting Security Risk Analyses*. Audits and analyses should take
   place regularly, much like an annual visit to the doctor. Companies that
   audit their security practices and processes regularly will be able to
   identify and address potential vulnerabilities.
   3. *Developing Best Security Practices*. Every business, big or small,
   should start to think about vendors’ security practices, internal rules
   about data storage and transmission, and basic email and Internet safety.
   These processes should be kept in a living document so that they can be
   updated quickly and disseminated easily.
   4. *Managing and Monitoring Access*. Greater breach risk means that
   disorganised identity and privilege management is no longer an option.
   Proper monitoring improves security for a business because it’s clear who
   has access to what information. If a breach occurs, it’s easy to track down
   the culpable device, if not the person responsible.
   5. *Investing in Security Awareness and Training*. Employees who
   compromise security rarely mean to put their employer at risk — often
   they’re just trying to get their work done. Corporations can minimise this
   risk by offering extensive security training and providing the tools and
   resources needed to protect company assets from a breach.
   6. *Automating Security Monitoring Wherever Possible*. Given the scope
   of most companies’ data holdings, exclusively manual monitoring isn’t
   enough. Without automation, a security team could waste a lot of time
   chasing false leads. To combat this, companies should start using automated
   monitoring, which can also help document how alerts were escalated.
   7. *Focusing on the Entire Attack*. Much like a fever shows that a
   patient has an infection running rampant somewhere in their body, so do
   malware symptoms indicate deeper complications. Issues may manifest in one
   location, but it’s likely there are problems elsewhere as well. A thorough
   investigation beyond the apparently affected area can prevent further
   damage down the line.
   8. *Learning From Others*. Malware attacks often move in trends —
   similar variations of a single program may be used to attack several
   different brands or applications. As a result, it’s imperative that
   information security teams stay abreast of recent hacks and breaches. A
   company may be able to boost its defenses by avoiding the mistakes a
   compromised brand made.
   9. *Developing a Response Plan*. Hearkening back to the first point on
   this list, it’s unacceptable to be unprepared for a breach. Companies
   should have a plan in place in case a cybersecurity hack occurs. It’ll
   mitigate downtime and prevent more data from leaking.

Malware epidemics may be the new norm, but information security
professionals aren’t sitting idly by. With a proactive approach and an
adaptable mindset, corporations and security teams can buck the trend of
cybersecurity breaches and provide better protection for users worldwide.