With around 100 terabytes of data compromised and up to €90 million in damages inflicted, the Trend Micro 2014 security report unsurprisingly highlights the Sony hack as characterising a bad year for cybersecurity.
The annual security roundup report, entitled “The High Cost of Complacency,” which was presented in Cork, and emphasised that cybercriminals are relentless with “ever-increasing levels of sophistication and tenacity”.
The report singled out some primary themes from the security incidents and breaches.
No small threats
No threat is too small states the report. In many cases, the report argues, it did not take a sophisticated piece of malware to cripple a target, but rather attackers are using a simple wiper to breach company’s defences with devastating effects.
It also emerged that attacks on software and platforms not thought to be at risk proved that no application was invulnerable in 2014.
Point-of-sale (PoS) RAM scrapers came close to becoming a mainstream threat in 2014, said the report, as several high-profile targets lost millions of customer data to attackers month after month.
It also emerged that attacks on software and platforms not thought to be at risk proved that no application was invulnerable in 2014.
Online and mobile banking too faced bigger security challenges and are proving that two-factor authentication is no longer enough to secure sensitive transactions.
Ransomware in 2014, the report states, became a bigger and more sophisticated threat across regions and segments. And unlike older variants no longer just issue empty threats but actually encrypt files.
The report shows how destructive attacks could be to individuals and companies alike in 2014. The effects of losing massive amounts of confidential data to attackers, such as substantive financial losses and irreparable reputation damage, ran rampant throughout the year, it argued. The report states that the severity of the attacks and their effects revealed one thing — the risks of becoming the next victim of a cyberattack have gone even higher.
Various companies suffered financial, legal, operational, and productivity losses after getting hit by massive data breaches. Breaches across industries aided by PoS RAM scrapers increased in number in 2014. The year was not solely marred by the biggest breaches seen to date though, according to the report, as attacks targeting vulnerabilities like Heartbleed and Shellshock in widely used, previously considered secure open source software as well as FakeID and Same Origin Policy (SOP) Bypass in mobile devices and platforms were also seen. Established processes like two-factor authentication also proved vulnerable to threats, as evidenced by attacks instigated by the criminals behind Operation Emmental.
More crippling attacks
Trend said that as in the near future, more crippling attacks against both likely and unlikely targets become increasingly likely. Attackers will always trail their sights on one thing — profit. They will continue to indiscriminately hit data gold mines because peddling stolen information is a lucrative business, as evidenced by the thriving cybercriminal underground economy.
“It is everybody’s job – not just those of IT professionals – to ensure that the company’s core data stays safe. All in all, it’s a combination of identifying what’s most important, deploying the right technologies, and educating users,” said Raimund Genes, CTO, Trend Micro.
The report said that there was also confirmation of Trend’s late 2013 prediction that one sizable data breach would occur every month, further emphasising the need for organisations to protect networks and implement intrusion detection, it warned.
“The past year was unprecedented in terms of the size and scope of cyberattacks as evidenced by the Sony situation. Merely dealing with threats as they surface is no longer enough, acting on risk assessment results prior to security incidents is actually more beneficial. Organisations need to rethink their current cybersecurity investments so they can easily respond to and mitigate attacks. Planning ahead so they can instantly take action if they need to is critical because these kinds of cyberattacks can happen to companies in any industry and to whatever size.” said Simon Walsh, Senior Engineer at Trend Micro’s EMEA headquarters in Cork.
The full report is available here.
TechCentral Reporters
Subscribers 0
Fans 0
Followers 0
Followers