You don't have to be clever to be a cybercriminal
Cybercriminals don't need to be clever and use inventive hacking exploits to breach systems as organizations are making things too easy for them, says a new report.
Intelligence-led computer security testing company SE Labs has released its annual Cyber Threat Intelligence report with a warning that CEOs need to take cybersecurity seriously or risk falling into the clutches of criminals eager to take their data and their money.
The report finds half of US businesses don't take cybersecurity seriously and are largely led by company boards that still don't have an IT security plan. In the UK, this figure is even worse with only 25 percent of organizations paying attention to their cyber safety.
"It should be relatively easy to reach the top 10 percent of most secure companies in the world, the bar is so low," says Simon Edwards, CEO of SE Labs. "This is not surprising when you consider that there is a disparity of 40 to one in the estimated figures of what criminal hackers will cost the rest of the world in the next few years, and the expected expenditure by organizations on cybersecurity. And we're not talking billions here, but trillions of dollars. Even using conservative figures, it's eye-wateringly high."
While some businesses may opt to pay a ransom rather than finance better security, it's a risky strategy. 31 percent of organizations hit by a ransomware attack are still unable to retrieve their data, even after they've paid, and the chances of a gang returning to attack another system are high. Businesses should also be aware that the process of unencrypting data and systems isn't always fast either. Efficiency varies widely between the various ransomware groups.
Security teams are also facing threats from more advanced attack methods. These range from hackers abusing legitimate software running on the network, such as PowerShell, to exploiting zero-day vulnerabilities, something that was relatively rare until last year.
Multi-factor authentication is also on the attacker's radar. What the report dubs Multi Factor Annoyance is a growing threat as attackers send repeated requests to users in the hope that they eventually press allow, presuming that it's an IT glitch.
The full report is available from the SE Labs site.