Know Your Vulnerabilities
Cybercrime is going only one way at the moment: UP. As cyberattacks continue to spread, governments and cross-country organizations are increasingly weighing in on the debate about how to break the curve. The International Police Organization, or Interpol, has now called for a faster information sharing between law enforcement agencies, governments and cybersecurity firms.
According to Interpol, collaboration will be key to countering the growing cybersecurity threat. The organization believes the threat is now so severe, that no single country or organization can rely on its own abilities to address the issue. Whilst work is already underway to support a knowledge sharing base, still more needs to be done on a continual base, enabling a lifecycle approach on security controls, where governance is key.
Lack of identity control is a vulnerability
One country seeing a significant spike in major cyber incidents is the UK. The country’s National Cyber Security Centre, which was only established in 2016, has recorded 480 major incidents in the past eight months alone. The recent WannaCry and Petya incidents have affected many and according to the agency, the spike in attacks is in part down to the fact that cyberattack tools are becoming more readily available and more people than ever are using them.
The agency furthermore noted five main trends they see, which could lead to a vulnerability:
There are still organizations that are not getting the basics right, such as putting in basic protections and controls for system administrators, who are typically targets for attackers in stealing identities and credentials.
Many fail to get the balance right between usability and security, with many leaning too far towards convenience and lacking a risk assessment of what data needs to be protected.
Legacy systems and equipment presents opportunities to attackers.
Managed service providers (MSPs) have proven to provide an opportunity for attackers and organizations therefore need to understand the security implications of their supply chains and check their MSPs for security.
Cybersecurity is often overlooked in M&A, where it needs to be addresses effectively in the due diligence process.
WannaCry put cybercrime on the map
The UK’s National Crime Agency notes that the recent WannaCry incident has well and truly put cybercrime on the map, calling it a ‘signal moment’ in terms of awareness of cyberattacks and their real-world impact.
The NCA calls for organizations to ensure they report all incidents, as it believes cybercrime is still highly under-reported. This will help target criminals and create more best-knowledge sharing going forward.
To help protect your organization, one of the first step is to make sure you have control of who has access to what – and govern that access to minimize insider threats and keep bad actors out. Read more here.