Cybercriminals are relentless in their efforts to cash in by compromising your network. It’s a reality that’s unlikely to change for the better—that’s why your approach to security needs to change, Marc Thaler writes.
Whenever you’re searching for a job, what are the characteristics that set certain positions apart from the rest? A thriving industry? Good pay? The opportunity to take chances with little fear they’ll come back to haunt you?
Wouldn’t you know it? That describes the working scenario for today’s cybercriminals.
The Center for Strategic International Studies (CSIS) says as much in its 2014 report, Net Losses: Estimating the Global Cost of Cybercrime:
“Cybercrime is a growth industry. The returns are great, and the risks are low. We estimate that the likely annual cost to the global economy from cybercrime is more than $445 billion, including both the gains to criminals and the costs to companies for recovery and defense.”
Let’s be clear: That message isn’t meant to serve as a recruiting ad for cybercriminals. Rather, it is meant to remind you of what’s at stake in today’s escalating digital fight.
It’s a reminder that needs to be repeated more frequently. Many businesses, perhaps unknowingly, are at a distinct disadvantage because they’re unaware how much of their intellectual property is exposed online at any given time.
Furthermore, if you don’t fully understand what’s at risk, how can you appropriately invest in protecting your company’s most critical assets?
Verizon’s 2014 Data Breach Investigation Report (DBIR) supports such a claim. Findings show that two-thirds of breaches went undiscovered for months—at minimum. In that time, imagine the damage undetected hacks could cause your company.
In this ControlNow white paper, one of the items examined is the use of “crimeware,” deemed the most dangerous form of malware:
“This sophisticated software automates the retrieval of credentials related to banking and online shopping. Cybercriminals have added a host of features to try and remain undetected and grab as much information as possible on infected systems.
“They have built modules designed for specific functions; a global network of ‘command and control’ servers can activate all of these features once the malware has infected a target. These toolkits have capabilities such as port scanning, password stealing, system information gathering, digital certificate theft, remote desktop connectivity and even hard disk wiping and destroying.”
Thwarting threats is best achieved with a defense-in-depth approach that features:
Antivirus: New viruses are constantly introduced on the Internet. Antivirus software prevents, or detects and removes, malicious programs designed to compromise your server, and the machines and devices that connect to it.
Patch management: Patches are security updates meant to address vulnerabilities in software that malware could otherwise exploit. Automated patching ensures all systems and machines are fully protected.
Web protection: According to Verizon’s DBIR, “the majority of crimeware incidents start via web activity,” which speaks to the need for powerful web filtering that prevents users from visiting suspicious sites.
Cybercriminals are relentless in their efforts to cash in by compromising your network. It’s a reality that’s unlikely to change for the better.
That’s why your approach to security needs to change. Countering with comprehensive, layered protection is a smart start.
Marc Thaler is a writer at ControlNow, and a former print and online journalist.