A security software and hardware company, Sophos Group, has called on organisations to take adequate security measures against the possible attacks of cyber criminals in 2017.
Following the variety of attacks the previous year, ranging from a high-profile Distributed Denial of Service (DDoS), which use hijacked Internet-facing security cameras to the alleged hacking of party officials during the United States of America’s election. The firm says, preparing adequately for possible attacks in 2017 cannot be questioned.
According to the projections of the security outfit, destructive DDoS IOT attacks will rise; there will be shift from exploitation to targeted social attacks; financial infrastructure will be at greater risk of attack; exploitation of the Internet’s inherently insecure infrastructure; increased attack complexity; more attacks using built-in admin languages and tools; growth of malvertising and corruption of online advertising ecosystems, among others.
The firm, therefore, suggested that organizations must among others move from layered to integrated security; deploy next-generation endpoint protection; prioritizing risk-based security; automating the basics and building staff and process to deter and mitigate social attacks.
Accordingly, the firm explained that in prioritizing risk-based security, no organization possessed the resources to protect everything systematically, and 100 percent prevention is no longer realistic.
It suggested the need to clarify the risks associated with each system, and focus efforts accordingly. Sophos claimed that threats change fast, hence the need to look for tools that track them dynamically and respond accordingly.
Sophos said since social attacks now predominate, educating users and involving them in prevention is now even more important.
“There should be focused education on the threats each group is likely to encounter, by making it’s up-to-date: outdated guidance on topics such as phishing can be counterproductive, offering a false sense of security.
The software security firm observed that many organisations now possess multiple solutions that were once best-in-breed but are now too costly and difficult to manage.
As such, it pointed out that moving towards integrated solutions where all components communicate and work together will help to solve this.
“For example, if malware knocks an endpoint’s security software offline, network security should automatically quarantine that device, reducing the risk to your entire environment,” it stated.
Sophos said as ransomware becomes ubiquitous and endpoints grow more diverse, organizations must refocus on endpoint protection, but signature-based solutions are no longer enough on their own and can miss zero-day attacks.
