by Bharat Mistry
Trend Micro blocked an astonishing 81+ billion threats for customers in 2016, according to our newly released TrendLabs 2016 Security Roundup. If any stat speaks of the scale of the challenge facing organisations from online attackers – and the need for comprehensive multi-layered protection – it’s this one. Ransomware unsurprisingly led the way last year, with a 752% increase in new malware families discovered. But it’s Business Email Compromise (BEC) that potentially threatens to cause more problems going forward.
A remarkable year
The past 12 months have truly witnessed a remarkable global threat: online extortion on a massive scale made possible mainly via malware designed to spread and encrypt any file it comes across on the corporate network. The black hats found pretty early on that many organisations simply weren’t prepared to cope with the threat – either by having insufficient layered protection at endpoint, web/email gateways, network and server levels, or by not having implemented regular data back-ups. As a result, more and more decided to get involved in this simple get-rich-quick scheme – with attacks made even easier thanks to open source ransomware and ransomware as a service (RaaS) made available on the darknet.
However, we think BEC has the potential to cause more pain – albeit for a smaller number of victim organisations – over the coming year. As the number of new ransomware families levels out and IT teams get better at mitigating the threat, it’s likely more cybercriminals will look to BEC to drive bigger profits. That’s what we predicted in our previous report, The Next Tier, which reveals such scams have already cost firms around $3 billion globally over the past couple of years.
Crucially, such attacks don’t usually involve malware, so are harder for some filters to spot. Rather, they employ spoofed emails and social engineering to target specific members of the finance team – persuading them to transfer large sums out of the corporate account. We reckon firms lost on average $140,000 per attack last year. And there could be more to come.
How to stay safe
These aren’t the only takeaways from our 2016 round-up report, of course, so we’d urge you to take a look to find out more. Other major threats include consumer IoT-powered botnets, and a big uptick in software vulnerabilities. The latter is particularly important because it reinforces the need for basic security hygiene.
Effective patch management can eliminate over 90% of security threats in one fell swoop. The challenge can be in managing numerous disparate update mechanisms, but with the right management tools you can make great strides in security without spending a fortune. That said, as not just the volume but also the variety of threats in 2016 has shown us, the only way to ensure maximum security is by layering up threat protection.
There’s no silver bullet solution to today’s threats. So always look for providers who can integrate multiple tools and techniques: from signature-based systems all the way to app control, web and file reputation, behavioural analysis and machine learning.
That’s the only way to keep known and zero-day threats in check as we head through 2017.