Skip to main content

Cyberthreats Increasing But Shifting, With Ransomware Attacks Down 17 Percent

SCHAUMBURG, Ill.--( BUSINESS WIRE )--2017 was widely billed as the year of ransomware, but cyberthreats have moved in a new direction this year, according to ISACA’s State of Cybersecurity 2018 research . ISACA's State of #Cybersecurity Survey Part 2 finds that cyberattacks increasing (except ransomware--17-pt drop) and active defense strategies are highly effective, but underutilized. https://bit.ly/2swnAJM Tweet this Results show that 50 percent of the 2,366 security leaders surveyed have seen an increase in cyberattack volumes relative to last year. In addition, 80 percent of respondents said they are likely or very likely to be attacked this year—a statistic that remains unchanged from last year’s study. But despite an increase in cyberattacks generally, ransomware attacks are significantly declining. Last year, 62 percent of respondents experienced a ransomware attack, compared to 45 percent this year—a 17-point drop. This is likely because organizations are significantly better prepared after last year’s WannaCry and NotPetya attacks. Eighty-two percent of respondents said that their enterprises now have ransomware strategies in place and 78 percent said they have a formal process—up 25-points from last year. While these findings are positive, the data show that ransomware attacks may have been displaced by cryptocurrency mining, which is becoming more frequent. Cryptocurrency mining malware can operate without direct access to the file system, making them harder to detect—and as the prices of cryptocurrencies increase, the economics of cryptocurrency mining malware becomes better for the attacker. Additionally, the three most common attack vectors remain unchanged from last year: phishing, malware and social engineering. Active Defense Strategies Are Highly Effective, But Underutilized ISACA’s research also found that nearly 4 out of 10 respondents (39 percent) are not at all familiar or only slightly familiar with active defense strategies (e.g., honeypots and sinkholes). Of those who are familiar with active defense strategies, just over half are actually using them. “This is a missed opportunity for security leaders and their organizations,” said Frank Downs, director of cybersecurity at ISACA. “ISACA’s research indicates that active defense strategies are one of the most effective countermeasures to cyberattacks. A full 87 percent of those who use them indicate that they were successful.” Recommendations The ISACA report suggests enterprises must be better prepared with focused attention on several areas, including: Investing in talent —With attacks still on the rise, enterprises must continue to invest in finding, retaining and training skilled cyber security professionals. Exploring further automation benefits —Enterprises should consider automation-driven strategies and tools for detection and to support recovery and response efforts. Ensuring appropriate investment in security controls —With attack vectors (phishing, malware and social engineering) minimally changing, existing control types are still valid and useful. Enterprise investment and attention to security controls should increase in line with the frequency of these attack vectors. Parts 1 and 2 of ISACA’s State of Cybersecurity Study can be downloaded free of charge at www.cybersecurity.isaca.org/state-of-cybersecurity . About the State of Cybersecurity Study More than 2,300 cybersecurity professionals who hold ISACA’s Certified Information Security Manager (CISM) and/or Cybersecurity Nexus Practitioner™ (CSXP) designations and positions in information in security participated in the online survey. Part 1, which examines workforce data, and Part 2, which looks at the evolving threat landscape, are available as complimentary downloads at www.cybersecurity.isaca.org/state-of-cybersecurity . The study is the latest research from ISACA’s Cybersecurity Nexus. About ISACA Nearing its 50th year, ISACA ® ( isaca.org ) is a global association helping individuals and enterprises achieve the positive potential of technology. Today’s world is powered by technology, and ISACA equips professionals with the knowledge, credentials, education and community to advance their careers and transform their organizations. ISACA leverages the expertise of its 450,000 engaged professionals in information and cybersecurity, governance, assurance, risk and innovation, as well as its enterprise performance subsidiary, CMMI ® Institute , to help advance innovation through technology. ISACA has a presence in more than 188 countries, including 217 chapters worldwide and offices in both the United States and China.
Labels:

Comments

Post a Comment

Popular posts from this blog

Security company in Bellevue vandalized

BELLEVUE, Neb. (KMTV) - An Omaha home security company based out of Bellevue is using its own camera to help track down a thief who stole items from outside their building. Chris Malmberg, the owner of Omaha Security Systems Inc. says an unidentified man stole nearly $300 worth of landscaping Sunday night. "The motion sensors went off and I got a notification on my phone that he was there. We saw him take the plants, we watched him drive away and then immediately contacted police," said Malmberg. "He was real nervous, but he ended up stealing shrubbery, Hosta plants, I mean - never in my life have I ever known somebody to steal landscaping." Malmberg said the plants could be replaced, but what's frustrating is that this is one of several vandalism incidents his business has experienced since OSSI moved into the building near Jefferson and Mission Ave. "We've had vandalism, we've had items stolen, or attempted to be stolen, with the security that we...
Post a Comment
Read more

Study: Majority of U.S. Broadband Households Concerned About Security of IoT Devices

As Internet-connected devices become more ubiquitous, security and privacy concerns of end users are also on the rise. Simply installing security systems in smart homes is no longer enough. Security integrators must also consider bolstering cybersecurity measures when installing their systems. A recently released whitepaper from IoT research firm Parks Associates, titled “Residential Security and Encryption: Setting the Standard, Protecting Consumers,” reveals that 64% of U.S. broadband households are concerned about security and privacy when using their connected devices. Parks Associates also found that the majority of homeowners assume security integrators are addressing their cybersecurity concerns. In fact, a Parks Associates survey of U.S. security owners found 63% of professionally monitored subscribers believe the wireless signals from their system are encrypted, even though encryption is currently not the industry-wide standard. While the whitepaper outlines a few ...
Post a Comment
Read more

Ring Alarm review: A great DIY home security system with the potential to become even better

Ring builds some of our favorite video doorbells and security camera/outdoor lighting mashups. Now the company—recently acquired by Amazon—is moving inside the home with a strong and inexpensive DIY home security system: Ring Alarm. It’s a fantastic product today, and Ring says it will only get better with time. Ring Alarm is positioned as a mainstream home security system, and while you won’t find a great deal of innovation here (there’s nothing like the Nest Detect sensor that comes with the much-more-expensive Nest Secure system , for example), it’s already equipped with everything it needs to grow into a comprehensive smart home system. Ring Alarm doesn’t support smart lighting controls, door locks, thermostats, garage-door openers, or other common smart home products today, and there’s a very short list of supported third-party products. But it lacks nothing needed to support those and similar devices down the road. And in an intervi...
Post a Comment
Read more