Cybersecurity is a hot topic for the year of 2017. Cybercriminals have not been found to discriminate the type of business from which they chose to steal data. TruShield Security Solutions, a cybersecurity company on the rise in the Northern Virginia area, is dedicated to protecting businesses of all types from hackers. Andrew Beach, an Information Assurance Specialist who has worked for TruShield for almost a year now, was kind enough to sit down with me and discuss some of the cybersecurity trends where upticks seem likely in the year of 2017.
A broad kind of malware that often arrives by malicious links in emails, attachments, exploit kits, or a direct visit to a malicious website is how Andrew describes Ransomware. “The general idea is that ransomware locks up a user’s files and or device with some kind of encryption and then prevents them from opening these files unless they meet certain demands to get the encryption key, such as paying a ransom in Bitcoin,” Beach states that all industries can be affected by this type of cyberattack but that Healthcare, Education, and Financial services are regular targets. He says that medium-size companies are also often the victim of these attacks because they may not have the staff to prevent or detect the issue but have a larger financial status from which they can pay the ransom. Beach thinks that the reason that this threat is on the rise is due to the ease in which cybercriminals can capitalize on their work. “Why spend time and effort to break into a highly secured system for data worth one million dollars with a high probability of discovery when you could rapidly compromise 20,000 easy systems more quietly and charge $100 dollars or more to unlock each? Even according to IBM’s figures, the percentage of companies that pay the ransom in this example could easily result in more than one million dollars for an attacker.” (Ransomware Study: Parents will Pay for Digital Memories, 2016).
How to prepare for a Ransomware attack? I’m glad you thought of that, and Beach had an answer for this question for me as well. “A few big ways for a company to prepare for ransomware are to secure paths into the environment with multiple kinds of filtering (email, web, attachment, etc.); to train and educate users; to have regular current backups that are tested along with a plan in place to restore.”
The Internet of Things is something that surrounds most people daily. “Smart” wireless devices and remotely accessible computers are being embedded in more and more appliances and other objects. They can be found in the form of phones, fridges, thermostats, cars, and almost anything your mind can dream up. Our source explained, “One of the most apparent security concerns is that often these IoT devices are being installed and shipped quickly to try to corner the market before being thoroughly tested and configured to avoid vulnerabilities, such as default credentials. When an attacker identifies these vulnerabilities and exploits them, the result is often a large botnet of internet connected compromised devices that can be used for DDoS attacks.”
Ways to keep your information safe in the face of IoT vulnerabilities? “Preparation for IoT threats should at least involve more thorough testing on the manufacturer side, identification of vulnerabilities and flaws by adopting companies prior to implementation, and device hardening with mitigation of vulnerabilities. This should also go hand in hand with solutions related to DDoS mitigation because you could secure all IoT devices within your organization’s scope, only to have compromised devices belonging to home users and less careful organizations utilized to perform DDoS attacks against your systems,” Beach clarified.
While this may seem self-explanatory, mobile malware is simply traditional malware on mobile devices (i.e. smartphones running Android/IOS). Devices become infected through different ways, such as phishing emails, malicious websites, malicious SMS messages, apps that have malicious embedded codes, etc. The main danger with mobile malware is due to the nature of smartphones. These devices have become so critical to everyday life and contain more and more personal data. Beach also brings up the following point, “Mobile devices are often moving from network to network, which can aid the spread of malware. Some mobile malware can also target certain mobile functions for a very specific reason, i.e. targeting a banking app to steal credentials and intercepting two-factor authentication communication to allow fraudulent transactions.”
Mobile Malware is something that everyone should be looking to avoid. Some simple ways to do so include avoiding third-party applications that can’t be traced back to official app stores, carefully examining the creators of, origin, and the app itself prior to installing, and finally preventing wholesale OS modification as well as unnecessary permission requests or modifications when individual apps are installed. Beach also suggested the following, “Companies at a minimum should have user training, a strictly enforced policy against ‘bring your own devices’ (BYOD) on company networks, and mobile device management with device backup, jailbreak/root detection, application control, and antivirus for all devices.”
Be aware, CYBERAWARE, in the year of 2017!
About the contributing author:
Lindsey Dailey graduated from Lafayette College with a major in marketing and a minor in journalistic writing. Lindsey utilizes her marketing skills at TruShield by covering the topics that matter the most in the cybersecurity industry. She has loved technology her whole life though she is new to fusing her two loves together: writing and technology.
Ransomware Study: Parents will Pay for Digital Memories. (2016, December 14). Retrieved May 08, 2017, from http://www-03.ibm.com/press/us/en/pressrelease/51230.wss