Cybercriminals are becoming better organized and more sophisticated in their exploits. That’s causing enterprises to increase spending to protect their most valuable assets.
The average cybersecurity investment will grow around 15 percent a year through 2021, predicts Cybersecurity Ventures. Some organizations are spending even more. J.P. Morgan Chase doubled its annual cyber security budget to half a billion dollars.
Such increases demonstrate the magnitude of the problem. Here’s what you can expect in 2017:
Last year the number of phishing attacks increased dramatically. That’s likely to continue. On average, 200,000 malware samples were discovered every day last year, according to the non-profit Anti-Phishing Working Group.
These attacks are becoming more multifaceted and difficult to block. They combine phishing with other criminal techniques, including ransomware, remote execution and privilege escalation.
Multifactor authentication is a powerful way to block attackers. It requires users to present different forms of identification before logging in — for example, a username and password plus fingerprint. Fortunately, a growing number of websites now support two-factor authentication.
But unfortunately, adoption of multi factor authentication is likely to remain low. As a result, attacks like the recent Yahoo! breach, in which attackers leveraged poor account authentication, are likely to become even more common this year. Even the best protections can’t work if users won’t employ them.
The Internet of Things is proving to be a field day for hackers. One of their more potent techniques combines familiar distributed denial of service (DDoS) attacks with IoT botnets that can penetrate embedded devices like IP-enabled surveillance cameras and routers.
Many organizations will find that their endpoint protection and firewalls are increasingly vulnerable. That’s because most IoT breaches operate under the radar of these security measures. It will be some time before most security pros can effectively track and prevent IoT exploits.
Memory-resident malware loads its malicious code into the memory space of either a legitimate process or file. The code stays there until it’s triggered. That’s bad enough. But memory-resident malware can also be used to trigger zero-day attacks, in which hackers plan attacks before or on the day when a vulnerability is publicly reported, making them almost impossible to prevent.
To be sure, there’s a very easy way to wipe out this type of malware: simply reboot the infected system. But with most PCs far more stable than ever, people run their machines longer utilizing sleep mode, saving reboots only for system updating, giving these infections more time to do their worst.
In-house security operations centers (SOCs) may sound like a good protective measure. But in fact, many are playing a dangerous game of catch-up.
A recent security report finds that one in four SOCs are reactive rather than proactive. The survey also found that most SOCs use ad-hoc triage procedures and nearly all are overwhelmed by the sheer number of daily alerts.
Rather than trying to do it all on your own, many IT departments are turning to managed security services.
Masergy offers managed security solutions that apply advanced analytics to filter customers’ security alerts and reduce the number of false positives that IT departments must deal with. Our Security Control Center experts provide 24×7 monitoring of customer networks to help detect and mitigate security breaches in record time.
To learn more about managed security services, read our white paper: There’s Help for CISOs Overwhelmed By Cyber Security Threats