motherboard chip

Security is a key issue for businesses – but where should you focus? | Source: Pixabay

Enterprise security issues CTOs and CIOs are discussing now

INFORMATION security is a key concern for businesses across the world, with hacks and leaks proving more and more damaging and expensive than ever before.

Equifax, Yahoo, and Uber are among a long list of companies that have suffered from a data breach in the recent past – and haven’t quite recovered.

For CTOs and CIOs, it’s important to stay abreast of the key issues in the industry – the latest hacks, cracks, and vulnerabilities.

To help them stay updated, Microsoft has summed up the key themes in cybersecurity that deserve attention right now. These are:

Botnets continue to impact millions of computers globally

In November 2017, as part of a public/private global partnership, Microsoft disrupted the command-and-control infrastructure of one of the largest malware operations in the world – the Gamarue botnet.

Microsoft analyzed over 44,000 malware samples which uncovered the botnet’s sprawling infrastructure and discovered that Gamarue distributed over 80 different malware families.

The top three malware classes distributed by the Gamarue botnet were ransomware, trojans, and backdoors. The disruption resulted in a 30% drop in infected devices in just a three month-period.

Easy marks methods like phishing are commonly used by cybercriminals

As software vendors incorporate stronger security measures into their products, it is becoming more expensive for hackers to successfully penetrate software.

In contrast, it is easier and less costly to trick a user into clicking a malicious link or opening a phishing email.

Last year, Microsoft noticed that ‘low-hanging fruit’ methods such as phishing were being used to trick users into handing over credentials and other sensitive information.

According to the research, 79 percent of SaaS storage apps and 86 percent of SaaS collaboration apps do not encrypt data – neither at rest, nor in transit.

Ransomware remains a force to be reckoned with

Money is ultimately what drives cybercriminals, so extorting cryptocurrency and other payments by threatening potential victims with the loss of their data remains an attractive strategy.

Last year, three global ransomware outbreaks—WannaCrypt, Petya/NotPetya, and BadRabbit—affected corporate networks and impacted hospitals, transportation, and traffic systems.

Most ransomware attacks were targeted at Asian users, and were severely destructive and moved at an incredibly rapid pace.

Since automated propagation techniques were used, they infected computers faster than any human could respond and they left most victims without access to their files indefinitely.