By Anand Hariharan, VP, Prodcuts, Webscale Networks
Global cyber attacks such as WannaCry, Petya, Vault 7, and last month’s data breach at HBO, are just some of the most recent examples of a rapidly increasing wave of cyber attacks that organizations and individual can no longer afford to ignore. The impact of these attacks range from theft of sensitive and critical information to irreversible damage of brand and reputation through complete website unavailability, all of which can be very expensive to overcome.
According to a report by Juniper research, cybercrime could cost businesses over $2 trillion by 2019, increasing the estimated cost of breaches in 2015 by almost four times. In India specifically, Gartner predicts that information security spending will grow 12% to $1.5 billion this year, and to $1.7 billion by 2018.
With the magnitude of data breaches and sophistication level of cyber-crimes going up with each successful attack, IT security companies are accelerating their growth through channel partners. In fact, these companies depend heavily on channel partners to sell their products, deploy them, and service/support in order to strengthen their customer’s defenses against cyber security risks.
Top Cyber Security Threats Affecting Companies Globally
Data and intellectual property are the foundation of most companies, and even the smallest vulnerabilities can give a seasoned hacker the access they need. Anyone defining security policies for their business today needs to be thinking about how well they are protected, and how quickly they can both react and recover, from these top three cyber security threats.
Distributed Denial of Service (DDoS)
A DDoS attack is typically carried out by exploiting a network of internet-connected devices and creating a botnet to overwhelm a server with requests until it eventually becomes unavailable. One of the largest, and most recent attacks of this kind was on DYN, a DNS service provider, that brought down many of the most prominent websites in the US, including Amazon, Wall Street Journal, Netflix, PayPal and many more. The sheer scale of the attack was made possible by infecting a large number of IoT devices, including printers and baby monitors, and using them to to orchestrate the attack.
The attack not only highlighted the inefficiencies of service providers to deal with the scope of latest cyber-attacks but also brought forth the issue of IoT device security. Gartner predicts that there will be 8.4 billion connected things in use worldwide in 2017, up 31 percent from 2016, and will reach 20.4 billion by 2020. With this projected growth, organizations need to have DDoS protection in place, should cybercriminals choose to leverage potential vulnerable backdoors in these devices to carry out a similar attack.
Ransomware is malicious software that locks down systems, preventing access until the hacker’s monetary demands are met.
In the US alone, organizations spent more than $2 billion in ransomware threats in 2016. Given the scale of recent ransomware attacks like WannaCry and Petya, it is safe to assume that these attacks are only going to get bigger, more frequent and costlier to website owners and businesses.
Social Engineering and Phishing
Social engineering refers to the practice of convincing people to divulge confidential information, like credit card numbers, passwords etc. Phishing, a type of social engineering, involves hackers tricking victims into sharing sensitive information or clicking on a link containing malware, by sending personalized emails from trusted accounts.
A phishing attack can be devastating for both individuals and companies alike. Individuals can suffer major financial losses if they get trapped into sharing their sensitive information. Corporations could be even more severely impacted if the attacker gains access to an internal network, and uses it to either launch a large-scale ransomware attack or to steal confidential information.
Dealing with Cyber Threats
The advancement of technology, while improving many aspects of life, is also opening new channels for cyber criminals to plan and launch malicious attacks. There are vendors in the market like Webscale who develop stand-alone security solutions that specialize in providing protection against most of these external threats, including DDoS attacks, SQL Injection, Cross Site Scripting (XSS), Cross Site Request Forgery (CSRF), and others.
Small to medium-sized businesses in the mid-market, who may lack the internal resources to both monitor and protect their assets from cyber threats, now have simple, software-as-a-service (SaaS)-based solutions available to them. These solutions can be deployed in a matter of minutes, and go far beyond basic firewalls, intrusion detection systems, and virtual private networks in that they are constantly adapting to the evolving nature and sophistication of today’s cyber threats.
That said, selecting the right technology platform is only part of the challenge. Organizations need to install robust cyber security policies, conduct regular security audits, create incident responses and disaster recovery plans, as well as organize regular data security trainings for employees. In addition, utilizing tools that include simple, customizable controls that can be set up and activated with a single click, dramatically increase an organization’s ability to respond to security threats in a timely manner, mitigating the potential damage caused by an external threat.
[Disclaimer: The views expressed in this article are solely those of the authors and do not necessarily represent or reflect the views of Trivone Media Network's or that of ChannelTimes']