December 6, 2016
The end of a year is often a time of reflection as organizations focus on what they might do differently in the year to come, how they might align themselves against their competitors, and up their game. As organizations think through their cybersecurity strategy for the coming year, the challenge they face is how to plan for success.
This past year we’ve seen how cybercriminals continue to become more sophisticated and insidious by constantly revising, updating and re-inventing their tactics and technologies to launch attacks. We’ve seen our share of DDoS attacks, key political figures’ emails hacked, and ransomware attacks. Recently, we saw cybercriminals target the San Francisco Municipal Transportation Authority with a ransomware attack. Free rides for all! And, that wasn’t San Francisco offering an early holiday gift to locals.
Knowing 100 percent protection against today’s cyber threats is not realistic - cyber resilience becomes the name of the game. Building a cyber resilience strategy that layers state-of-the-art preventative systems, point-in-time recovery measures, and a means to maintain continuity during an attack can make a significant difference in fending off the myriad of sophisticated threats. We can’t predict all the attacks coming but we can build in cyber resilience and learn from what we have already seen.
Although we may not know all the answers about what’s to come, based on what we’ve seen over the year, here are a few attacks that we, at Mimecast, think will rise in 2017:
- The Rise of Cyber Gangs - The past year has been rampant with attacks, and it’s only going to get worse. Not just in the number of attacks, but the sophistication. Attackers have been getting smarter, their data gathering techniques more sophisticated, and they’re becoming more organized. In 2017, we’ll likely see growing groups of attackers, as well as a network of shared information they’ve stolen. These groups will also likely clash, and we’ll see attackers going after each other as these virtual gangs grow, gain resources, and fight over territories in the digital landscape. As we all know, everyone needs to protect against these threats by taking a layered approach and ensuring they have a proper cyber resilience strategy in place to combat them. But that can sometimes be out of reach for many organizations, as they are always strapped for resources, budget and the management of said layers. Hence the massive shift of organizations to a cloud security strategy, where they can get advanced security capabilities that would be out of reach to try and build on premises.
- Ransomware Continues to Evolve, Yet Don’t Take Your Eye Off Other Threats - Ransomware will explode to become one of the biggest threats, fuelled by smaller ‘opportunist’ attackers using off-the-shelf kits to deploy malware. This is an easy and cheap attack method that produces fruitful results. Few organizations have effective defenses against this type of malware, and now with bitcoins enabling the perpetrators to increase the distance from their victims further, it has never been so easy to get away with it. In the coming year, we should also expect more crypto-lockers and evolving forms of ransomware that deny access to desktops, network drives, and cloud services. And just as you focus your attention on ransomware issues, you can’t be caught off guard by adversaries impersonating the CEO to transfer thousands of dollars to an offshore account or by basic phishing attacks that will cause employees to launch attacks on your organization.
- Focus on Data Mining - One theme that is still overlooked is that it’s not just about wire transfers. Attackers aren’t just focused on money; they’re focusing on data mining and will use the data they gather in more advanced attacks, collecting important data to be either sold on the Dark Web or used in future attacks. (Remember the W-2 fraud uptick earlier this year? We’re heading into tax season and can expect to see this again.) While wire transfer fraud is and will be an issue in the future, organizations also need to think about where else they’re susceptible and ensure they have the appropriate protective measures in place. Backups are essential, but the evolution of ransomware is staggering and organizations need to ensure their gateway, firewall, endpoint and other security solutions are consistently up-to-date.
- Cyber Espionage to Cause More Political Disruption - Nation states and their sponsored operatives will use cyber espionage more and more to cause political shifts, disruption, and to gain economic advantage. This will involve, but will not be limited to, email hacking and disclosure of other forms of intercepted private communications, disruption of and interference with critical national infrastructures (Stuxnet 2).
- Reining in Data Residency and Governance – The impending GDPR will focus European organizations on improving their security and privacy programs significantly in 2017. And, at the same time, increased state-sponsored attacks will lead to more stringent rules around data residency and governance, as well as state firewalls being considered to mitigate threats and allow regional business activity to continue. Advancements in managing internet traffic from different geographies may also become a focus as the global trade landscape changes.
- Impersonation Attacks in the Spotlight - 2016 has been the year of ransomware and it’s no secret that social engineering attacks, like phishing, spear-phishing, and domain spoofing, have grown from being a nuisance to a huge problem. However, one of the lesser publicized problems is impersonation attacks. Whaling attacks can cost organizations millions in financial losses. In fact, according to the U.S. Federal Bureau of Investigation, whaling attacks led to more than $2.3 billion in losses over the last three years. We expect to see whaling attacks as the next “it” attack flooding the media.
- Macro Malware Still in the Game – Once thought of as a thing of the past, macro malware has reared its ugly head again among the attack methods cybercriminals are using. While most organizations choose to block executable attachments at the gateway by default, they must still allow files, such as Microsoft Office documents, to pass freely if employees are to be productive. Attackers exploit this by weaponizing files in these common formats. According to our own research, 50% of firms have seen email attacks that use macros in attachments increase over the last year. Why? Well, it’s such a simple tactic with little proactive AV detection, and that’s why we’ll continue to see waves of macro malware into next year and beyond.
Taking the time to reflect on all the ups and downs we’ve seen in cybersecurity over the last year offered me greater clarity into what we may expect to see in 2017. Stay safe this holiday season, as it’s unlikely that attackers will all be taking the holidays off…
What do you think the New Year may bring? Voice your comments below.
December 5, 2016
We are very pleased to share that Mimecast recently won two industry security awards.
Firstly, Mimecast won Security Vendor of the Year at the CRN Channel Awards 2016 held in London at the Battersea Park Events Arena.
With Office 365 adoption growing rapidly, credit should go to Microsoft, who won the Vendor Innovation Award and also Cloud Services Vendor of the Year.
Mimecast would also like to congratulate our partners who were also successful in the awards:
- Trustmarque (part of Capita plc), won Public Sector Provider of the Year
- Mirus IT won SMB Reseller of the Year, while Softcat won Reseller of the Year.
- Martin Hellawell from Softcat also picked up a Channel Achievement Award.
Then last week, Mimecast also won the Email Security Award at the Computing Security Excellence Awards at the Hilton Tower Bridge in London.
These awards pitted Mimecast Email Security with Targeted Threat Protection against a host of other services, including Microsoft Office 365.
Judges analysed the market need, functionality, competitive differentiation and adoption of Mimecast – including reviewing customer case studies.
I’d like to thank all the Mimecast customers who allowed us to use their testimonials as part of our entries.
November 29, 2016
Nowadays, no one is safe from being the target of a cyberattack, especially as more businesses move to the cloud: The U.S. SMB cloud computing and services market is expected to grow from $43 billion in 2015 to $55 billion in 2016.
This means that organizations across all industries globally have a lot to worry about when it comes to security, as ransomware, phishing and impersonation attacks are only becoming more sophisticated and damaging. But according to new data, small and mid-sized businesses are especially prime targets – they are hit by 62 percent of all cyberattacks, about 4,000 per day.
Cyberattackers will do anything they can to infiltrate your organization, even if it means playing dirty. Through tactics like social engineering, attackers identify their target. Then, they use email, almost always, as an entry point to steal data, employees’ personal identification information, tax documents, and cash – they can even hold your systems hostage and put productivity into lockdown.
What does all of this mean? For most businesses, cyberattacks can result in downtime, data, and financial loss. However, medium enterprise businesses have a lot more to lose. The U.S.’ National Cyber Security Alliance found that 60 percent of small companies are unable to sustain their business over six months after a cyberattack. And, according to the Ponemon Institute, the average price for small businesses to clean up after they have been hacked stands at $690,000 – for midsized companies, it’s over $1 million.
Being a medium enterprise means you need a plan. Today, defending against insidious attacks requires a broader focus, beyond just security. You need a realistic approach to cyber resilience planning that spans security, data protection, businesses continuity and end-user empowerment. Medium enterprises are often high growth, increasingly complex and global. And, they don’t always have large IT or security teams, or budgets. This means they have high-level requirements without large enterprise money. That’s okay. With the right vendor, you don’t need enterprise-level resources or budget to implement an effective cyber resilience strategy.
If you want to keep your business running, you need to act now. The quickest, easiest and most effective way to start the process of becoming more cyber resilient is to focus on one of your organization’s most vulnerable links – your employees. Educate and empower your entire organization on good security practices. Teach employees to:
- Pay attention to things like requests for financial transfers, domain names, and website addresses.
- Think before they share too much information on social media. Cyberattackers troll sites like Facebook and LinkedIn for personal details and whereabouts.
- Never share credentials or click on suspicious links – even if the email looks like it is from a legitimate bank or financial institution.
Building out a cyber resilience strategy is no longer an option. In fact, whether or not you have a cyber resilience strategy in place could be the difference between life and death for medium enterprise businesses. Download this E-book to learn more about strengthening and empowering your employees. And, learn how Mimecast can help your business become more cyber resilient.
Every now and again I hear otherwise sensible security people question why they should improve their security controls, when increasing their cyber-insurance coverage seems much easier and less costly, as if they were alternatives to one another. To me this is akin to debating whether it is better to eat right and stay fit or buy more health insurance coverage. To be clear, cyber-insurance is not a substitute for having strong and sensible security controls, just as health insurance is not a substitute for healthy living. Why is this?
Firstly, cyber-insurance can’t reasonably cover non-quantifiable, but quite real, losses that are associated with breaches, such as brand impact, hits to customer goodwill, and wasted staff time responding to incidents. Secondly, as a recent US federal court decision regarding a rather easy-to-defend-against, email-enabled attack highlighted, whether a successful attack is even covered is debatable and will often need to be fought out in court to find out for sure. Thirdly, and very logically, insurance companies that write cyber-insurance are increasingly measuring organizations’ security posture and maturity to determine pricing and level of coverage. If your “cyber-health” is poor, expect to pay more, just like health coverage costing more for smokers than for non-smokers.
Clearly the takeaway of this blog is that security controls and cyber-insurance are complements and not substitutes. And given the relative immaturity of the cyber-insurance industry, the difficulty of determining what is covered, and the constantly evolving creativity of the attackers, good IT risk management practice calls for having effective security controls that are backed up with cyber-insurance coverage that can help take the edge off a successful attack. Think complements, not substitutes.