Cyber-threats, data breaches and high-risk vulnerabilities have continued to dominate the first half of 2014, with attacks affecting consumer’s personal information, included theft of data such as customer names, passwords, email addresses, home addresses, phone numbers, and dates of birth, according to a report from Trend Micro.
The data breaches and Distributed Denial of Service (DDoS) attacks recorded this quarter showed that an organization-wide strategy is required if companies wish to survive their aftermath.
Organization-wide, understanding and commitment to carrying out a strategic security plan is necessary. Otherwise, they may resort to highly impractical measures such as reverting to manual processing, as in the case of P.F. Chang’s restaurant, the report noted.
Tom Kellermann, chief cybersecurity officer for Trend Micro, told eWEEK the recent cyber-crime events represent a harbinger of things to come.
"For too long corporations have viewed security as an expense rather than a functionality of conducting business online," he said. "Greater percentages of the IT budget must be dedicated to the safety of their customers online."
All organizations are at risk of being targeted, though financial institutions top the list of the most at-risk businesses.
"Financial institutions are the holy grail of hacking as 95 percent of all 'money' is digital," Kellermann said. "More than 98 percent of bank heists occur in cyberspace and this is being exacerbated by mobile banking and the correspondent rise in mobile mugging. Financial institutions adhere to higher standards of security than other industries, however they are also targeted by the world’s elite hackers."
The report noted deployment of mobile ransomware and two-factor authentication-breaking malware has emerged in response to technological developments in the online banking and mobile platforms, indicating consumers are exposed to an ever more complex web of threats.
"The average consumer should deploy mobile security on all their mobile devices. Update all critical updates every Tuesday," Kellermann advised. "Never use public Wi-Fi and change passwords to 'pass phrases with symbols'. Lastly, one should never click on links, instead, cut and paste them into a browser."
One of the report's more encouraging findings was that global law enforcement partnerships lead to arrests--by sharing research findings with law enforcement agencies, financial loss prevention from cyber-crime has proven effective.
"Threats will continue to escalate as crime has migrated from the streets to the virtual world. The Internet is a free fire zone with a multiplicity of hackers," Kellermann said. "Due to this reality, law enforcement is overwhelmed, and thus, the prosecution rates are less than 5 percent."
For small businesses with limited IT resources, Kellermann said it's extremely important to protecting their users and their presence, and recommends having the Website tested for the OWASP Top 10 vulnerabilities and deploy Web application security.
In addition, Kellermann advised all employee devices should have mobile security deployed, and the laptops should be set to "least privilege," and as businesses migrate to the cloud, they must deploy encryption, anti-malware, intrusions detection systems and file integrity monitoring as extra protective measures.