Cybersecurity threats: the blows follow one another
It’s October and that means it’s Cybersecurity Awareness Month again. Cybersecurity threats continue to evolve and proliferate at an increasing speed. Opportunistic attackers take advantage of everything from remote work and cloud configuration errors to poorly defended operational technologies protecting critical infrastructure. And they are getting more professional with models like ransomware-as-a-service.
DXC Technology has identified 10 types of threats that present major challenges for organizations around the world. We have also described our main defense strategies against these threats.
Top 10 Cybersecurity Threats
Businesses face threats from all sides, including:
- Threats to the supply chain. Supply chain attacks, like the one experienced by SolarWinds, are particularly problematic because even if your own security is robust, attackers can infiltrate your environment via vulnerabilities in the security of your suppliers.
- Attacks on Linux and other non-Microsoft operating systems. Attackers are increasingly reaching beyond the Microsoft operating system. For example, Vermilion Strike rewrote the Cobalt Strike Windows red team tool to attack Linux systems.
- Persistence of major ransomware players. Major ransomware gangs, such as the REvil ransomware-as-a-service operation, do not usually go away, but rather hibernate to avoid increased surveillance or adopt new names. The ransomware-as-a-service model has enabled these groups to dramatically increase their hackers and affiliate revenues.
- Remote workforce vulnerabilities. In a recent poll, 67% of those polled said the attacks targeted remote workers and 74% said an attack was the result of vulnerabilities related to COVID-19. It appears that companies have not sufficiently adapted their security strategies in response to the new reality of the remote workforce.
- Cloud attacks due to misconfiguration. According to IBM, two-thirds of recent cloud breaches “would likely have been avoided by more robust systems hardening, such as the proper implementation of security policies and patch systems.” Problems with credentials and policies “spill over into the most commonly seen initial infection vectors (including) misconfigured assets, password spraying, and pivoting from on-site infrastructure.”
- Zero-day threats. New security vulnerabilities not matching any known malware signature have reached new heights this year, with at least 66 zero-day viruses and other malware already used.
- Threats to operational technology (OT) systems. Attacks on OT devices, such as the compromise of Colonial Pipeline, have skyrocketed 46 percent this year. The utilities and manufacturing sectors are particularly at risk. Cybersecurity measures for OT are still weak or non-existent in many cases.
- Trademark abuse attacks. In almost half of these fraudulent attacks, cybercriminals masquerade as credible brands to collect consumer login details or personal data. These attackers have spoofed digital content and experiences by creating fake social media profiles, malicious mobile apps, or fraudulent websites.
- Destruction of the ransomware recovery key. Some ransomware gangs such as Grief and Ragnar Locker have threatened to delete victims’ decryption keys if an organization involves authorities or a trading company, rendering the data unrecoverable.
- Zero-click mobile threats. These insidious attacks, which allow malware to install itself on a victim’s device without the person clicking a link, are on the increase for Android and Apple devices.
The best defense: good cyber hygiene
In DXC’s experience, the best defense against sophisticated emerging threats is to fully understand the basics. Simple errors such as misconfigured cloud settings, weak passwords, and unpatched or outdated software can lead to major operational disruptions and data leaks.
Follow these basic security hygiene practices to ensure you are well protected against known and emerging cybersecurity threats:
- Get the right configurations. Review your configuration management database (CMDB) and plan a decision process that sets security levels from most to least secure.
- Monitor the security controls you have in place. If an alert is triggered but nobody notices it quickly, hackers will have time to gain a foothold in your environment.
- Improve identity management. Problems often result from too many highly privileged accounts, especially if some are disabled or unused, or from a lack of multi-factor authentication.
- Know your crown jewels. Determine which assets are critical to the survival of the organization and which are less critical, then assign security controls accordingly.
- Increase visibility with third-party suppliers. Identify, document and define the risks associated with all your suppliers and third-party providers.
- Track fixes and updates. Establish good coordination between the IT department and the security organization so that you can verify that software and operating system patch guidelines are being applied throughout the organization by operational IT teams.
- Keep and secure reliable backups. Perform regular and full backups of all critical systems and isolate them to protect yourself from attacks. Know how to quickly rebuild from backup and perform disaster recovery exercises regularly.
- Integrate security into all new applications and solutions. Security shouldn’t be an afterthought; it’s more efficient and ultimately easier to integrate from the start, using the native capabilities of your cloud platforms and operating systems when possible. Validate security once new systems go live with penetration testing and vulnerability scans.
DXC Technology Co. published this content on October 11, 2021 and is solely responsible for the information it contains. Distributed by Public, unedited and unmodified, on October 13, 2021 19:51:06 PM UTC.