By the DynaSis Team
Due to the rising cost of breach remediation, including potential fines, penalties and lost customer goodwill from data theft, cybersecurity experts are now looking at “cyber risk” in a new light. Today, the riskiest threats aren’t necessarily those that do the most system damage. They are the ones that expose a company to the most liability. For example, an attack that reconfigures software or deletes data might be expensive to remediate, but its total damage footprint will be less than having thousands or even hundreds of confidential records stolen. And, because profit is now the central motive of the vast majority of threats, theft or fraud-based activities are a component of nearly every attack.
Exacerbating the situation, 2014 saw the continued development of Malware as a Service (MaaS). Like the cloud-based Software as a Service (SaaS) programs – from Salesforce to Dropbox – that are popular with consumers and businesses, MaaS is highly intuitive, sophisticated and able to serve many users at once.
Essentially, companies are producing and packaging these products and services and selling, leasing or subcontracting them to others, making it easier than ever for criminals to stage complex and highly evasive multi-stage attacks. Other are customizing malicious source code on a contract basis for their own and others’ benefit.
These companies and individuals are also sharing information to enhance each other’s capabilities. There is no “competition” among malware authors that prevents information sharing. All of them have the same goals and all can profit individually from their attacks.
Finally, the development of detection-evasion techniques is also accelerating. Given that a successful threat actor only needs to focus on one or two evasion techniques to deploy a threat capable of breaching many organizations’ defenses, firms that rely on outdated security solutions are operating with a false sense of complacency - and putting their firms at extreme risk.
In such a landscape, organizations must constantly enhance their security postures to counter this evolving threat environment. Furthermore, the IT teams that work on corporate security, whether they are in-house or outsourced, must have very high-level skill sets that are continually updated. Integration with an advanced threat detection resource that continually scans the globe for new threats - and a mechanism for automatically updating whatever solution is in place - is also vital.
Currently, the courts are taking a dim view of companies that fail to adequately protect confidential assets and thereby expose other, unwitting individuals to risk, as well. Taking steps now to implement a comprehensive, advanced, largely automated security solution is the surest way to protect your firm, your assets and your customers and to sharply reduce the potential for unsurmountable liability.
DynaSis is an Atlanta IT services and cloud computing provider for small and midsized businesses. All of our solutions focus on helping companies achieve the three fundamental IT necessities of the modern business—availability, security and mobility. We specialize in on-demand and on-premise managed IT services, managed cloud infrastructure, desktops and backups, and professional hardware and equipment installation. For more information about DynaSis’ IT support and services, visit www.dynasis.com.