Publicity around ransomware has raised awareness about the cyber threat, but there are other serious security issues that remain, experts say.
Paul Holland, information security leader at insurance company Hiscox, told delegates at the Cloud Expo Europe in London that while ransomware is a definite concern, it is not the biggest threat to organisations.
“With WannaCry and NotPetya last year, [there were] massive great headlines worldwide and so everybody picked up on it. People have started to up their patching, which is obviously helping a lot, but we’re still a long way behind,” he said.
“In that respect, it got so much publicity that everybody knows about it, whereas there are still a lot of the other threats that people just aren’t particularly aware about.”
He added that insiders are the biggest threat, as employees are the ones who install malware unwittingly by clicking on phishing links.
Kiran Bhagotra, CEO at cyber security comparison tool ProtectBox, said the publicity has brought light to the topic of ransomware even for non-IT individuals.
“The publicity has helped everybody understand what malware is. Most people, whether they are technical or not, will have heard of ransomware and phishing,” said Bhagotra.
Paul Edmunds, head of technology at the National Cyber Crime Unit, said that, with the General Data Protection Regulation (GDPR) compliance deadline on 25 May, data breaches will go up the chain in terms of threats to organisations. He added that the rise of mobile devices could also open a new avenue for hackers.
“There are a lot of problems around the connected network, [underlined by] the fact that mobile malware is now actually starting to be seen,” he said. “There has been a growth in vulnerabilities and different attack vectors, and that’s the thing that really needs to be addressed.”
He added that it is important for companies to use a monthly patching cycle to protect themselves and to have strategies in place to reduce the impact of an attack when it hits.
Security company McAfee said at Mobile World Congress in February that 2018 was set to be the year for mobile malware, after it recorded 16 billion infections in the third quarter of 2017. This figure was nearly double that from the 2016 quarter and the firm expects there to be more advanced, targeted attacks this year.
At Cloud Expo, Hiscox’s Holland said he expects to see a shift where ransomware attackers will ask for a sum of money that is slightly less than the GDPR fine for a data breach – something security firm Trend Micro has also predicted.
ProtectBox’s Bhagotra said that while cyber criminals are not moving faster than those trying to stop them, they are displaying high levels of organisation.
“[The criminals] just know how we all function. They’re very good at thinking, ‘This is what people are doing’ or ‘This is where they’re very protected and this is where the weak spot is, this is where the gap is’,” she said. “They’re very organised about the manner in which they go about it.”
She added that organisations should look for more than one security product if they are to reduce the number of attacks they face. “We don’t look at everything. We just think, ‘This is the latest, let me protect myself here’, and you’re just not seeing what exactly it is that you’re laying yourself open to,” she said.