Providers expect to face new cybersecurity threats in 2018
The facts are stark: 58 percent of global enterprises admit to having experienced at least one data breach during the past 12 months, and of these, half say they suffered at least one internal incident, while more than a third endured at least one attack involving a business partner or third-party supplier.
But here’s the kicker—according to Forrester Research’s 2017 global security survey, it was known software vulnerabilities that opened the door to 41 percent of the external attacks.
What does this mean? One example was the sequence of events that followed the leak of the NSA’s EternalBlue exploit—which targeted the Server Message Block (SMBv1) service that Microsoft has default-enabled on every Windows operating system for decades. Despite urgent remediation by Microsoft, the vulnerability was used to perpetrate the massive WannaCry and NotPetya ransomware attacks. More than 230,000 computers in 150 countries were infected within 24 hours of WannaCry’s release, and estimates of total damages had a top end of $4 billion. About a month later, it’s estimated that NotPetya caused another $300 million in damages.
But for CISOs and cybersecurity professionals, the real horror was that these attacks were carried out 60 to 90 days after Microsoft released a fix for the exploit, says senior Forrester researcher Josh Zelonis. That’s why he lists ineffective vulnerability management as the most urgent threat confronting data security managers for 2018.
Vulnerability management needs constant attention. “High-profile breaches are the result of unpatched systems,” Zelonis warns, “and vulnerability management needs board-level attention. While the security of your organization shouldn’t rest on applying patches, the ability to perform rote security tasks such as patch management is a great predictor of overall security posture.”
Here are the other top threats identified by Zelonis, based on a 2017 Forrester survey of 604 network security decision makers worldwide, at firms with 1,000 employees or more:
Insecure cloud services will continue to hemorrhage sensitive data. During the last few years, there have been a number of large data leaks because of misconfigured cloud services such as MongoDB and Amazon’s Simple Storage Service (S3). In the third quarter of 2017 alone, Zelonis notes, major companies such as Time Warner, Verizon and Viacom experienced this type of data leak—losing encryption keys, customer account details and other sensitive data.
Data security professionals need visibility into how their publicly facing services are configured. While this can be accomplished through periodic red team exercises or internal auditing, Forrester recommends working with a digital risk monitoring company to monitor the business’ infrastructure in real time.
The Equifax breach will render knowledge-based authentication ineffective. From Forrester’s survey, 42 percent of breaches target personally identifiable Information, making it the most common type of data targeted by attackers. With the information stolen in the Equifax breach, identity thieves now have everything they need to access an individual’s medical records, bank accounts and tax returns.
Under these circumstances, Zelonis says companies need to treat identity as an assertion and authorize based on confidence. Balancing fraud risk vs. limiting friction to ensure completion of a transaction is something all businesses must now weigh. Lenders, for instance, are putting fraud holds on credit cards when purchasing patterns change. All companies need to begin using customer insight data to perform behavior-based analytics when validating someone’s identity.
Strategic compromise will enable attackers to undermine supply chains. Third-party risk is frequently a result of data shared with partner companies and service providers. Too frequently, supply chain issues that are upstream to an organization are ignored, and incidents go unnoticed and unpublicized.
To correct this, Zelonis recommends performing supply chain threat assessments. Those charged with data security responsibilities should be regularly reviewing the amount of trust placed in suppliers and how software updates are deployed.
Ransomware will expose weaknesses in cybersecurity and business continuity preparations. Ransomware represents a shift by away from more traditional data theft toward direct monetization of system compromise by cybercriminals. A recent joint survey conducted by Forrester and the Disaster Recovery Journal found that three out of every four companies have documented response plans for data tampering, but only one out of four test these plans more than once a year.
Data that is critical enough to back up on a daily basis, Zelonis observes, should be tested more frequently to prepare for what is most likely an inevitable disaster.