This week’s Security Central takes a look at key takeaways from the 2017 annual RSA cybersecurity conference, peeks inside a new Tripwire study highlighting the reality that organizations lack the technology to address top attack types, and peeks inside the new tool from Mimecast designed to combat internal email threats.
This year’s annual RSA cybersecurity conference was brought to attendees by the color red. Cybersecurity threats have reached a whole new level, described as having earned “Code Red” status by Avivah Litan, a security analyst with Gartner. The weight of this new reality was palpable among attendees at the show.
Attacks and hackings, particularly those carried out by groups backed by foreign governments, are not exactly new, but they have become much, much more severe in the last year. Not only that, but new advanced, even more intricate cyber horrors have cropped up - think DDoS attacks. So long, Internet. These high-profile attacks and attempts “have opened the public’s, and the government’s, eyes that the problem is bigger than they thought it was,” said Gus Coldebella, an attorney with the law firm Fish & Richardson and former acting General Counsel of the U.S. Department of Homeland Security under the Bush administration.
Usually, the discussions at the RSA conference center around threat vectors, hacking and the overall state of security. But this year, the air was different. More tense and apprehensive. According to an article by USA Today, the concern felt and shared by the approximately 40,000 attendees at this year’s show is unprecedented. Between Russian involvement in the presidential election and their continued presence in U.S. affairs, the DDoS attack that took out several large sites for an entire day back in October, the rise of ransomware attacks and a rapidly-growing list of rather huge companies (*cough* Yahoo) falling prey to devastating hacks, it’s no wonder the mood was a bit subdued.
"We are in a fundamentally different environment,” said Bruce McConnell, a global vice president at the EastWest Institute where he heads the cooperation in cyberspace initiative.
The aforementioned topics - countries like Russia meddling in U.S. affairs, botnet wipeouts and ransomware - were the three most discussed topics at the conference, according to USA Today. In terms of the channel, these new, scary types of threats present both big opportunities and challenges for VARs and MSPs. There are several key things to remember and implement. “Security can be a competitive factor for the channel,” said Ron Culler, the CTO at Secure Designs, Inc. in a statement to our own Charles Cooper last week. “A lot of VARs and MSPs are already doing things like managing patches and updates on their customers’ equipment. Instead of a company putting something out there and hoping that everything’s OK, you have someone sitting there who is monitoring the system, keeping it up to date and reporting on what’s going on so as to be able to handle issues when things change.”
Our second story take a look at a recent Tripwire study which highlights the unfortunate fact that a mere three percent (yes, three) of organizations have the technology and only 10 percent have the skills in place to properly address and have any hope of thwarting today’s top attack types. These stats lay bare the gaping holes in organizations’ cyber-defenses and systems, and are likely the reason VARs and MSPs lose sleep at night. According to the study, as reported by Security Magazine, ransomware has the potential to do the most devastating damage to organizations in 2017, yet not even half of those surveyed have the skills or the technology to effectively address it. Still? Even after everything that went down in 2016, the percentages are still that low?
“The results of this study highlight that there are very few organizations equipped to deal with all of today’s major attack types. Most organizations can reasonably handle one or two key threats, but the reality is they need to be able to defend against them all,” said Tim Erlin, senior director of IT security and risk strategy for Tripwire. “As part of the study, we asked respondents which attack types have the potential to do the greatest amount of damage to their organization. While ransomware was cited as the top threat, all organizations were extremely concerned about phishing, insider threats, vulnerability exploitation and DDoS attacks.”
Here are some of the other key takeaways from the report:
- The enforcement of foundational security controls is challenging, with 65 percent of respondents indicating they lack the ability to effectively enforce them.
- Sixty-four percent of respondents believe financial services will be hit hardest by cybercriminals in 2017.
- While U.S. respondents were more concerned about the health care sector (46 percent), European respondents were more concerned about telecommunications companies (59 percent).
More good things to keep in mind as we enter further into what has already been a challenging 2017. We wrap up the week by examining some recent research conducted by Mimecast and Forrester Research regarding the significant risk organizations face from insider threats that leverage email. Whether it’s a malicious insider looking to exploit systems or an employee who breaks IT policy and accidentally exposes data, insider threats are a growing concern. In fact, every firm surveyed has experienced some form of insider incident in the past 24 months.
According to the report, email is still a critical component of every day business activity, and a significant channel through which employees communicate and interact with each other and people around the globe. outside world. It should come as no shock, then, that email represents a significant, ongoing security vulnerability for many organizations. The report states that over a third of firms have experienced some information loss, theft, or attack via email within the past two years, (phishing attacks are reportedly the most common).
A few other highlights from the report include:
- 40% of respondents experienced business email compromise/impersonation leading to fraud, credential theft or data loss
- 64% of respondents said that non-malicious insiders cause at least moderate financial damage
- 64% of respondents said malicious insiders caused at least moderate financial issue and 57% said they had a moderate problem in terms of productivity loss
So, giant heads up for channel folks - email cannot be overlooked as a major source of security vulnerability for your customers.
The views expressed in this column do not necessarily reflect the views of Penton Media or The VAR Guy editorial staff.