Subscribe

Protecting against emerging cyber threats

Kgaogelo Letsebe
By Kgaogelo Letsebe, Portals journalist
Johannesburg, 09 Feb 2017
Extortion, dark cloud use and appliance attacks are among the top areas of increased cyber crime activity.
Extortion, dark cloud use and appliance attacks are among the top areas of increased cyber crime activity.

A report from global business technology and information security association ISACA gives enterprises strategies on how best to protect themselves against cyber attacks.

Titled Cybercrime: Defending Your Enterprise, the report points out that extortion, Dark Cloud use and appliance attacks are among the top areas of increased cybercrime activity reported in 2016 and are expected to continue in the coming years. Juniper Research estimates that the cost of cyber crime will climb to an estimated US $2.1 trillion by 2019.

The report states that the movement of money in the digital domain is the main attraction for cyber criminals. They are leveraging refined tools to target and attack millions of people and enterprises online.

"Attackers tend to go for the low-hanging fruit of whatever is most vulnerable. Any enterprises in any sector that are not implementing appropriate cyber security controls are at risk," says Frank Downs, senior manager of cyber and information security at ISACA.

The leading attacks on enterprises are cyber extortions, the report says. Cyber criminals implement ransomware that encrypts data on a victim's system. Victims of ransomware then receive a notification e-mail soon after their system is locked, offering a private decryption key in exchange for a monetary digital currency payment, like bitcoin. Prevention strategies for these types of crimes include creating regular backups, restricting network access and securing the appropriate technical tools to lessen intrusions.

The second highest area of attack is Dark Clouds. The continued migration to cloud by enterprises affords cybercriminals similar advantages to those of the enterprises. "Once breached, a cloud environment offers access to vast amounts of information that can be re purposed for the criminal profit-making enterprises," says Downs. Encrypting data either between the cloud and the user, or data that is stored along with implementation of multifactor authentication to strengthen the systems is the recommended remedy for this type of crime.

Finally, there are appliance attacks. Cyber criminals attack various interconnected appliances by raising or lowering the thermostat, shutting off or causing appliances to malfunction. Although most of these attacks may not put a person's life at risk, physical harm is possible because IOT components rely heavily on unmonitored firmware or basic operating systems. Some firmware requires a connection to the Internet to work properly or enable additional features.

"The use of perimeter protections, including an intrusion prevention system and a firewall will enable the companies to protect themselves. Companies should employ a security information and event management system, integrate an identity access management central user control program into their IOT devices.

"It is important that enterprises understand their data and the risks that are connected to it. This will enable the company to apply the appropriate level of security to meet its requirements," concludes Downs.

Share