| | OCTOBER 20219Thanos, Ragnar, WastedLocker, Phobos/EKING and BazarLoader. Five sectors were the most hit, which includes healthcare, professional service firms, consumer services companies, public sector organizations, and financial services firms. Hence organizations need to ensure data backups are timely, complete, and secure off-site. Zero-trust access and segmentation strategies should also be investigated to minimize risk.On the other hand, the supplychain attacks like SolarWinds breach raised the discussion to new heights. Also examining the most prevalent malware categories reveals the most popular techniques cybercriminals use to establish a foothold within organizations. The top attack target was Microsoft platforms, leveraging the documents most people use and consume during a typical workday, while web browsers continued to be another bottleneck. Employees who typically benefit from web-filtering services when browsing from the corporate network continue to find themselves more exposed when doing so outside that protective filter.A large part of the second half of 2020 saw exploits targeting IoT devices, such as those existing in many homes, were at the top of the list. APT (Advanced Persistent Threat) groups continue to exploit the COVID-19 pandemic in a variety of ways. The most common among them included attacks focused on gathering personal information in bulk, stealing intellectual property, and nabbing intelligence aligned with the APT group's national priorities. An increase in APT activity targeting organizations involved in COVID-19 related work saw rise towards the end of 2020. Such targeted organizations included government agencies, pharmaceutical firms, universities and medical research firms.Patching and remediation are ongoing priorities for organizations as cyber adversaries continue to attempt to exploit vulnerabilities for their benefit. Among all the exploits tracked over the last two years, only five were detected by more than 10 percent of organizations. With all things being equal, if a vulnerability is picked at random, data shows there is about a 1-in-1,000 chance that an organization will be attacked. Nearly six percent of exploits hit one percent of firms within the first month, and even after one year, 91 percent of exploits have not crossed that one percent threshold.As threat landscape has become omnipresent with attacks on all fronts, it is important that threat intelligence remains central to understanding these threats and how to defend against evolving threat vectors. Every device creates a new network edge that must be monitored and secured. The use of AI and automated threat detection can enable organizations to address attacks immediately, not later, and are necessary to mitigate attacks at speed and scale across all edges.There is no doubt that cybersecurity user awareness training should remain a top priority as cyber hygiene is not just the domain IT and security teams.So start training your workforce regularly on the best practices to keep individual employees and the organization secure.
<
Page 8 |
Page 10 >