Technology / Internet
Cybersecurity 2018: what's working and what’s a worry
26 Apr 2018 at 14:21hrs | Views
Every time a report on the state of cybersecurity is released, the world braces itself. After all, while the details have intermittently changed over the last few years, the overall message has remained the same: the sky is falling.
However, 2018 actually brings with it a different message. Part of the sky is still falling, certainly, but another part of it is shoring up and holding steady. Namely, the cloud. Here's what's working when it comes to improving the state of cybersecurity as well as what is still a major worry for 2018.
Looking up
The optimism of 2018 comes courtesy of the best possible source: facts and figures culled from a survey of over 1200 qualified IT security professionals. In the Imperva Cyberthreat Defense Report, those security practitioners and decision markers have indicated that 2018 has marked a year over year decrease in how many organizations have been hit by a successful cyberattack. This is the first decrease registered in five years.
Since 2014, organizations around the world have had to withstand a 17% increase in successful attacks and an untold but presumably huge increase in attack attempts, so that two-percent decrease is well worth celebrating. It's also well worth investigating what's behind the decrease, and it would seem that cloud deployment and delivery of security solutions is heavily involved.
To help handle some of the most constant and crushing cyberthreats, of the organizations that have invested in distributed denial of service or DDoS protection, 46.1% are using hybrid on-premise and cloud-based DDoS protection while 25.4% solely have cloud-based protection. In total, 55% of organizations have already deployed DDoS protection and an additional 31% have plans to do so in 2018.
Cloud-based solutions have also made headway in privileged account/access management, with 70.3% of organizations using either hybrid or cloud-based solutions, and a further 70.1% using either hybrid or cloud-based web application firewalls and 69.1% using hybrid or cloud-based security information and event management solutions.
Squinting ahead
Cloud-based security solutions as well as the tireless efforts of IT security staff can only do so much to protect organizations, unfortunately. According to the Imperva report, two of the biggest cybersecurity threats facing organizations are spear phishing and malware, and these are two issues directly related to a lack of organization-wide cybersecurity awareness.
Spear phishing is a sophisticated and highly targeted take on phishing. Gone are the days of laughable Nigerian Prince emails with attackers instead doing their homework and impersonating vendors or other contacts when they target an organization, requesting fraudulent payments or sensitive information. The FBI estimates that organizations have lost a total of $5 billion to these email scams, with $100 million of it lost by two of the biggest tech companies in the world – Facebook and Google.
Malware is arguably even harder to stop as it is quickly and easily spread through links in emails sent by attackers or on under-protected Internet of Things devices used in an organization, which can be anything from tablets to routers and CCTV cameras. Malware is the source of a wide range of cybersecurity issues including ransomware, banking trojans, remote control of devices, and backdoors into systems, and the fight against it requires improved cybersecurity education throughout the organization as well as increasingly airtight security measures on every device used in an organization. To understate it, malware is a huge problem and will very likely remain so throughout 2018 and into the future.
The IT professionals surveyed by Imperva also indicated they're worried about intelligent threats designed to outwit signature-based defenses, and in happier news this is a problem security professionals could be much more in control of by next year's report if security measures like granular traffic inspection and customizable policies are put into place.
Overall outlook
There's good reason for cautious optimism when it comes to the cybersecurity landscape but still plenty of room to be wary. Cybersecurity professionals are doing their part to keep organizations secure and cloud-based solutions are helping the effort, but attackers are hard at work as well, so while this year has so far shown an improvement the non-cloud part of the sky is still poised to potentially come crashing down. Blue skies ahead, indeed.
However, 2018 actually brings with it a different message. Part of the sky is still falling, certainly, but another part of it is shoring up and holding steady. Namely, the cloud. Here's what's working when it comes to improving the state of cybersecurity as well as what is still a major worry for 2018.
Looking up
The optimism of 2018 comes courtesy of the best possible source: facts and figures culled from a survey of over 1200 qualified IT security professionals. In the Imperva Cyberthreat Defense Report, those security practitioners and decision markers have indicated that 2018 has marked a year over year decrease in how many organizations have been hit by a successful cyberattack. This is the first decrease registered in five years.
Since 2014, organizations around the world have had to withstand a 17% increase in successful attacks and an untold but presumably huge increase in attack attempts, so that two-percent decrease is well worth celebrating. It's also well worth investigating what's behind the decrease, and it would seem that cloud deployment and delivery of security solutions is heavily involved.
To help handle some of the most constant and crushing cyberthreats, of the organizations that have invested in distributed denial of service or DDoS protection, 46.1% are using hybrid on-premise and cloud-based DDoS protection while 25.4% solely have cloud-based protection. In total, 55% of organizations have already deployed DDoS protection and an additional 31% have plans to do so in 2018.
Cloud-based solutions have also made headway in privileged account/access management, with 70.3% of organizations using either hybrid or cloud-based solutions, and a further 70.1% using either hybrid or cloud-based web application firewalls and 69.1% using hybrid or cloud-based security information and event management solutions.
Squinting ahead
Cloud-based security solutions as well as the tireless efforts of IT security staff can only do so much to protect organizations, unfortunately. According to the Imperva report, two of the biggest cybersecurity threats facing organizations are spear phishing and malware, and these are two issues directly related to a lack of organization-wide cybersecurity awareness.
Spear phishing is a sophisticated and highly targeted take on phishing. Gone are the days of laughable Nigerian Prince emails with attackers instead doing their homework and impersonating vendors or other contacts when they target an organization, requesting fraudulent payments or sensitive information. The FBI estimates that organizations have lost a total of $5 billion to these email scams, with $100 million of it lost by two of the biggest tech companies in the world – Facebook and Google.
Malware is arguably even harder to stop as it is quickly and easily spread through links in emails sent by attackers or on under-protected Internet of Things devices used in an organization, which can be anything from tablets to routers and CCTV cameras. Malware is the source of a wide range of cybersecurity issues including ransomware, banking trojans, remote control of devices, and backdoors into systems, and the fight against it requires improved cybersecurity education throughout the organization as well as increasingly airtight security measures on every device used in an organization. To understate it, malware is a huge problem and will very likely remain so throughout 2018 and into the future.
The IT professionals surveyed by Imperva also indicated they're worried about intelligent threats designed to outwit signature-based defenses, and in happier news this is a problem security professionals could be much more in control of by next year's report if security measures like granular traffic inspection and customizable policies are put into place.
Overall outlook
There's good reason for cautious optimism when it comes to the cybersecurity landscape but still plenty of room to be wary. Cybersecurity professionals are doing their part to keep organizations secure and cloud-based solutions are helping the effort, but attackers are hard at work as well, so while this year has so far shown an improvement the non-cloud part of the sky is still poised to potentially come crashing down. Blue skies ahead, indeed.
Source - Agencies
