Other security threats to worry about
"Organisations are not the only ones innovating; cybercriminals have become more advanced too," said Dave West, Chief Technology Officer, APAC and Japan, Cisco. He added that this year will see a continuation of established attacks on all users. Anticipated cyber attacks include:
- Flash malware
- Browser add-ons, which is the major cause of data leakage
- Malware encouters, especially in the electronics industry.
Likewise, Check Point believes that the year ahead will see an evolution of what has been successful to date. "This means that the top threat witnessed over 2016, namely ransomware, will continue to find new ways to infect victims and get them to pay up. Ransomware is already increasing in sophistication at a rapid pace. One such method involved leveraging a weakness in social media sites whereby users unknowingly download images containing embedded malware," Jarvis explained.
Ransomware attacks on cloud will be a security threat to watch out for this year too. "The cloud is not protected by firewalls or more traditional security measures, so there will be a shift in where enterprises need to defend their data. Cloud attacks could result in multi-million dollar damages and loss of critical data, so the need to defend it will become even more crucial," according to Symantec.
"[Besides that], whaling, or Business Email Compromise (BEC) as it is also known, will also become a frequent headline throughout the year ahead," Jarvis claimed. BEC is the evolution of phishing that targets financial employees, who are tricked into depositing funds into nominated bank accounts. "Considering the average BEC attack is significantly more profitable than that of a ransomware attack, it makes perfect business sense why this will continue as a trend."
To avoid becoming victims of cyber attacks, organisations need to have "an architecture for an adaptive protection process that is capable of addressing all types of attacks, whether advanced or not," said Singh. "Security practitioners must assume that some of these attacks will bypass the traditional blocking technologies and conventional signature-based protection capabilities."
According to West, organisations take an average of three months to detect a cyber security incident, which gives cyber criminals plenty of time to steal data. To reduce this detection period, organisations need to "fortify the weakest links, such as older networking infrastructure; take a proactive approach to patches and upgrades; and take control of critical infrastructure."
"A cyber ready organisation will establish defences against known threats and build a People-Process-Technology methodology to ensure that there is a continual assessment. Such a methodology will consider how to prevent an attack before it happens; detect an attack quickly during its execution and remediate the impact of an attack after it has occurred," he concluded.
Sign up for CIO Asia eNewsletters.