printer friendly version

New defence approaches required

The world is witnessing a proliferation of global malware and other cyber-attacks, with the number of breaches escalating. Coupled with this the growth in the value of crypto currencies is creating new areas of vulnerability and making the move from physical to digital even more pronounced.

In this rapidly evolving environment, we cannot expect traditional security strategies to remain effective.

Traditionally the key fundamentals of security have been firewalls, IDS and anti-virus. But escalating data breaches illustrate that focusing on these basics alone is no longer effective.

2019 must be the year for enhanced visibility, regardless of where a company’s perimeter is located. The days of single breakouts and in-house applications are over; therefore, the future-proof strategy must expand the definition of the ‘boundary’ beyond physical buildings and defending against external threats. Now, the perimeter must look both ways to protect against threats from the inside where a massive hole could be waiting to be exploited.

Visibility is top of the priority list in the world of the cloud

Security must take into account who and what is already within the confines of the environment, asking what users do with information and how they are accessing applications. It must take into account that users access business systems remotely, and that critical systems and data are now stored, accessed and created out in the cloud.

Business must focus its cybersecurity strategies on delivering full visibility across all business systems. Information security must ensure that it knows what behaviours are taking place across both its physical and virtual environments. Visibility makes it possible to respond with speed to potential breaches as indicated by behavioural changes or anomalies.

Effective monitoring with the ability to instantly respond will eliminate down time and ensure ongoing business operations and the capability of securing your businesses in a digital world.

Crypto-mining attacks will form a massive part of the 2019 threat landscape

Mining is the process of adding transaction records to Bitcoin's public ledger of past transactions - a ‘mining rig’ is a colloquial term for a single computer system that performs the necessary computations for ‘mining’.

In this instance the attacker deploys a piece of malware that uses the infected machine’s processing capacity to run calculations to mine crypto currency. There are miners for different types of crypto currency, including newer ones as these require fewer calculations. The modern crypto miner has built-in intelligence which stops working when the user is logged in and performing their normal work. When they are idle or away from their machine, the crypto miner kicks in once again.

Therefore without adequate monitoring on what is really running on your machines, these attacks can go undetected for very long periods.

Ransomware attacks will continue, but due to better backup and recovery planning this is not as effective as in the past. A crypto miner starts to generate revenue for the attacker from day 1 and for as long as it is not detected. This is also very simple for unmonitored insiders to deploy themselves. I think this will be a massive part of 2019 threat landscape.

Organisations need to work on the Assume Compromise principle. You need to understand that security layers will fail, firewalls will miss attacks, end point protection will fail and users will compromise the systems in place. With visibility, you understand what is normal – what needs to be improved is the capacity of organisations to identify what is different.

Attacks will continue to grow because attack tools are more readily available and almost all attackers are unsophisticated and simply by continually doing the basics and having effective monitoring you will be able to stop almost all of these. It is imperative to make your attack surface smaller.

The biggest risk in 2019 remains the same – Users!

The busy modern, hyper-connected user can and will compromise your environment, most of the time by accident. The user is where the biggest real risk sits, but the modern user cannot work with traditional ‘lock and block’ scenarios. 2019 strategic trends should see users being brought into the picture by providing them with the power to identify and help prevent cyber-attacks.

In 2019 the forward-looking cyber security plans must do everything possible to empower the user to fight against cyber-attacks. Utilising effective technology to provide you and your users with full visibility into risky activity and immediately identify anomalies will be the key to staying un-breached throughout 2019.

For more information contact J2 Software, +27 87 238 1870, john@j2.co.za, www.j2.co.za

Share this article:

Further reading: