Protecting against cyberthreats in the new year

Version 2

    The new year is just around the corner and looking to the future has cybyer security and data breaches on the mind of many. A recent cyber security industry report predicted some of the biggest threats in store for enterprises in 2015, and found that old methods will be employed more often and new targets will be sought out in the coming year.

    Cyber-Security.jpg


    Ransomware
    According to the report, ransomware will become a more widely used form of attack in the newyear. Ransomware saw a lot of success in 2014, and this will likely encourage hackers to employ the technique more frequently in the future. Security researchers believe this type of malicious software could be used to deploy a “time bomb” attack in which multiple assets from the same organization are held simultaneously, forcing firms to pay a higher price than an average individual would to unlock the stolen files.

    Attacks against OS X
    While Mac devices have largely been left alone by cybercriminals in the past, the emergence of multiple zero-day vulnerabilities this year spurred an increase in attacks on the operating system. The platform’s growing foothold in the market also seemed to signal to hackers that targeting Macs was worth the trouble. This practice will likely only increase in the new year.

    With the cyberthreat landscape rapidly evolving and introducing enterprises to new risks, it’s important to strengthen existing network defenses to ensure effective cybersecurity.

    • Assess security posture regularly
      One of the leading causes of cyberattacks is insufficient perimeter defenses. Many organizations don’t realize their systems need patching until it’s too late, and delaying an easy fix can lead to a devastating breach. By applying a few basic security measures and monitoring the status of a network on a regular basis, enterprises can dramatically increase security while freeing up the limited resources of internal IT departments to focus on business-critical operations.
    • Inventory enterprise assets
      By taking a count of why types of devices are connected to an organization’s network, where those devices are located and who they are assigned to, IT departments can more efficiently identify any problems that may occur. Assets that should be inventoried include PCs, mobile devices, USBs, printers, routers and servers. After taking stock of the machines connected to the network, companies should create a written policy to create and maintain a complete and accurate asset inventory and review it at least once a year. Any anomalies or discrepancies should be reconciled and the security of each asset discussed by senior executives.
    • Create key security settings for network defense
      After taking stock of all the different devices and applications running on a network, it’s important to implement a set of trusted and well-known baseline configurations for each type of hardware and system. Once settings have been established, IT decision-makers should make sure to educate employees about why those configurations were chosen and what might happen if they were to be changed. Employee error is a major risk to enterprise cybersecurity, and ensuring each worker understands that they are responsible for maintaining the security of their networks can go a long way to improve a company’s defense standing.