When a cyberattack occurs around the world, many companies tend to put up a defensive posture toward the possibility of an attack within their own space. It tends to be one of those narratives of, “Well, the bad actors didn’t target my market/technology environment, so I don’t have to worry.” This is false and naive thinking. Outside of diligent protective measures, cyberattacks are increasingly hovering nearby.
2018 was full of information breaches and data mining, from nation-state attackers continuing to wage large-scale attacks to ransomware shifting targets from consumers to businesses.
● Formjacking attacks skyrocketed, with an average of 4,800 websites compromised each month.
● Ransomware shifted targets from consumers to enterprises, where infections rose 12 percent.
● More than 70 million records stolen from poorly configured S3 buckets, a casualty of rapid cloud adoption.
● Supply chains remained a soft target with attacks ballooning by 78 percent.
● IoT was a key entry point for targeted attacks; most IoT devices are vulnerable.
Here’s a further summary of the largest exploits of 2018 and the vertical industries that were affected.
Travel industry market
● British Airways — 380,000 records breached
● Orbitz — 880,000 records breached
● Cathay Pacific Airways — 9.4 million records breached
● Marriott Starwood hotels — 500 million records breached
Healthcare industry market
● SingHealth — 1.5 million records breached
● MyHeritage — 92 million records breached
● MyFitnessPal — 150 million records breached
Retail industry market
● T-Mobile — about 2 million records breached
● Saks and Lord & Taylor — 5 million records breached
● SheIn.com — 6.42 million records breached
● Under Armour — 150 million records breached
Social media market
● myPersonality — 4 million records breached
● Timehop — 21 million records breached
● Facebook — 29 million records breached
● Google+ — 52.5 million records breached
● Cambridge Analytica — 87 million records breached
Service industry market
● Ticketfly — 27 million records breached
● Careem — 14 million records breached
● Chegg — 40 million records breached
● Quora — 100 million records breached
● Exactis — 340 million records breached
● Aadhaar — 1.1 billion records breached
Proactive defense is the best solution
Inside Cisco’s 2018 Annual Cybersecurity Report, researchers offered these helpful tips to improve security and reduce exposure to emerging risks. Consider:
● Implementing first-line-of-defense tools that can scale, like cloud security platforms.
● Confirming that they adhere to corporate policies and practices for application, system, and appliance patching.
● Employing network segmentation to help reduce outbreak exposures.
● Adopting next-generation endpoint process monitoring tools.
● Accessing timely, accurate threat intelligence data and processes that allow for that data to be incorporated into security monitoring and eventing.
● Performing deeper and more advanced analytics.
● Reviewing and practicing security response procedures.
● Backing up data often and testing restoration procedures—processes that are critical in a world of fast-moving, network-based ransomware worms and destructive cyber weapons.
● Reviewing third-party efficacy testing of security technologies to help reduce the risk of supply chain attacks.
● Conducting security scanning of microservice, cloud service, and application administration systems.
● Reviewing security systems and exploring the use of SSL analytics—and, if possible, SSL decryption—as soon as possible.
Moving forward and defending environments
Machine learning and artificial intelligence capabilities will be effective tools to prevent or detect the use of encryption for concealing hostile activity. Between malware within encrypted web traffic and insiders sending sensitive data through corporate cloud systems, it’s important embrace forward-thinking methods to stay a step ahead.
Do you want to better protect your data? Cyber Solutions Technologies can help your business. Contact us today for an expert consultation.