The best way to protect an enterprise against malware used to be to protect the perimeter. Emails and their attachments were scanned. USB sticks and other media were either banned completely or carefully checked. Staff were not allowed to attach their own devices to networks without the express permission of the IT department. For better or worse those days are over. Staff and guests now expect to be able to link their own phones and tablets to corporate networks. The use of cloud services and remote access to enterprise applications means the perimeter has grown exponentially. Attacks are now possible on Android, iOS and Linux, not just Windows. This means the old, reactive types of cyber security are being replaced with more proactive systems. Enterprises need to do more than just react when breaches or attempted attacks are made. They also need tools to help deal with a problem which is increasing exponentially. Automated systems are vital in order to deal with the hundreds or thousands of reports being created by scanning so many different devices and different operating systems. The other change is that attacks now are focussed on financial gain. The massive growth in ransomware is just one example. Attackers no longer need sophisticated hacking skills – ransomware is now available ‘off-the-shelf’ from malware portals and only requires attackers to send onto victims. Old types of ransomware – which typically encrypt business systems and data and demand payment in exchange for decryption keys – needed users to click on email attachments. But newer types use Javascript and can be activated with minimal user action and are much more difficult for security systems to detect. Attackers are increasingly going after companies’ key applications and the data they hold. Traditional email scanning, and regular staff training, can help prevent many ransomware attacks. But the next generation malware is much harder to spot. These attacks are also carefully targeted at specific vertical markets. The early part of 2016 saw attacks in the US, UK and Europe on hospital systems. The worst of these attacks left a hospital forced to turn away emergency patients because systems were simply unavailable. It is believed that more than one of these hospitals was forced to pay a ransom in order to restore access to key systems. HPE found almost half of enterprises now proactively monitor outward facing applications for security-related events. Researchers also saw the beginning of a shift in the ‘reactive-proactive’ balance. Although accepting that security intelligence systems are not cheap, and implementation not without risks, the potential savings for businesses which can predict and spot upcoming attacks will be huge. There is also an acceptance of dealing with attackers as a business – they are looking to make a profit on money invested. So security systems need to make being a bad guy more expensive, more time consuming and more risky. Or as HPE researchers put it: “While the threat of cyber-attack is unlikely to go away, thoughtful planning can continue to increase both the physical and intellectual price an attacker must pay to successfully exploit an enterprise.”
Content from our partners
