With all the threats that have occurred lately (Wannacry, Qakbot, Zomato breach, etc.), it is clear that these events touch almost everyone. Cybercrime is industry-agnostic; a democratic thief, if you will. The 2017 Verizon Data Breach Investigations Report (VDBIR) illustrates just how far-reaching cybercrime has become in our daily lives.
You can hardly go a week without the mainstream media reporting another major incident or breach. It’s become commonplace to hear that millions of private records have been disclosed or a major ransomware attack has occurred.
Let’s look at some of the trends and recommendations covered in the Verizon report.
Cybercriminals continue to use malware to wreak havoc: the share of all threats containing or using some form of malware increased from 33 percent to 51 percent in 2016, a 55 percent year-over-year (YoY) growth. Today’s malware is more toxic than in previous years, with new variants like those generated by Cerber morphing as often as every 15 seconds, making it difficult for signature-based defenses to keep up.
The use of preventative prediction to stop malware is becoming one of the only mechanisms to prevent both known and unknown attacks before they are ever developed. Cylance calls this the Temporal Predictive Advantage, which is a measurement of how far in advance artificial intelligence (AI) models are able to predict malware and autonomously prevent it.
Over a billion credential sets were stolen in 2016 - more than three times greater than the previous high-water mark in 2013. The percentage of hacking-related breaches involving the misuse of stolen or weak credentials has now reached 81 percent. The finance and healthcare industries are particularly prone to damage and breach due to stolen credentials.
There is a better way of authenticating users by using AI models to predict user behavior and movement. Leveraging AI to provide continuous authentication will be an important tool to stop the potential impact of stolen credentials.
Ransomware moved from its position as 22nd most common malware to the fifth in 2016 – quite a jump. Ransomware hit some industries particularly hard, notably healthcare, where it caused over 72 percent of malware incidents. Innovations by attackers, such as enabling organizations to pay ransoms anonymously via bitcoin (BTC), contributed to this increase, as did the fact that many organizations chose to pay the ransom rather than risk losing their data forever.
As evidenced by the latest WannaCry ransomware attack, the techniques that cybercriminals are using to extort profit from individuals and companies are far-reaching and are becoming more and more sophisticated. WannaCry used multiple techniques (exploits, worm, dropper, decryptor, etc.) to infect and propagate, which makes this ransomware difficult to detect with non-predictive protection technologies.
Phishing is still a highly successful tactic, with many users still being phished via a link or email attachment. In 95 percent of phishing attacks that resulted in a breach, a software installation occurred, which means that an employee fell for a phishing email, clicked on a link, or merely opened the email, and malware was executed on their endpoint. Deploying a solution with pre-execution prevention capabilities is the best way to prevent any malware installations.
The DBIR did make some important recommendations that are worth noting and acting upon, which include:
Be Prepared - It is not if, but when a breach occurs. Be sure to develop an internal response plan, and practice your disaster and recovery plans annually/biannually to make sure you are adequately prepared for any unreasonably high traffic densities.
“All Aboard!” - Train your employees on security awareness and encourage/reward them for reporting suspicious activity, such as potential phishing or pretexting attacks.
It’s Not That I Don’t Trust You, But… - Keep an eye on employees and periodically monitor their activities. Do not give them permissions they do not need in order to do their job, and make sure you disable accounts immediately upon termination or voluntary departure.
Taunt Them a Second Time - Use two-factor or multi-factor authentication to help secure accounts based on the web. Where feasible, tokenize sensitive information (such as social security numbers) when it is only used to identify a record.
Proactive security solutions that prevent attacks and identify threats before they strike bring about a new level of security, performance, and cost savings. Cylance’s machine learning and AI-based products have reinvented endpoint protection by providing predictive, preventative approaches that proactively stop attacks before they start.
We recommend you test the power of AI for yourself to see how it will make an impact in preventing today’s and tomorrow’s threats. Request a POC or demo today.