For IT security teams across the globe the past 12 months have been a roller coaster ride. From massive attacks on our federal data stores to sophisticated, economically motivated data breaches, to newly emerging threats in the Internet of Things space – there’s never been a dull moment. But as we pick over the remnants of 2015, it makes sense to look at what lessons we can learn from some of the key events, to better prepare us for the year ahead.
One thing is certain: CISOs and their teams are going to be tested like never before in the coming 12 months.
The year of the data breach
There’s barely enough space here to analyze all the data breach incidents that have occurred over the past year. You’ll no doubt remember some of the biggest: JP Morgan (83 million records), infidelity site Ashley Madison (37 million), Anthem (80 million) and prison tech company Securus (70 million) particularly caught the eye. The government suffered its fair share of attacks too, notably the Office of Personnel Management (22 million).
What can we learn from these incidents? Well, it is clear that government systems need to be better protected against targeted attacks. The 30-Day Cybersecurity Sprint made a great start by improving access controls, but it is only a start. Public and private sector organizations alike need to think harder about protecting against the growing threat of targeted attacks. The means to launch fairly sophisticated cyber intrusions designed to fly under the radar of traditional security defenses is readily available on the darknet today. Organizations need to fight back with advanced sandboxing capabilities to spot malware in spear phishing emails; file integrity monitoring and log inspection to get better situational awareness of unusual network behavior and lateral movements; and intrusion detection/prevention to shield unpatched vulnerabilities.
Another thing to realize from these attacks is the sheer diversity of threat actors out there. From nation states to financially motivated cybercriminal gangs to hacktivists and belligerent insiders – no organization is safe today. For a myth-busting rundown of the past decade of data breaches, check out our Follow the Data reports – some of the findings might surprise you.
Information is power
At Trend Micro we’ve been doing our best to help our customers, and industry stakeholders, push back the rising tidal wave of threats facing us. In 2015 we continued to innovate in our product development to protect against the latest threats; teamed up with law enforcers to tackle the bad guys head-on, helping dismantle the Dridex botnet; protected customers past the end-of-support deadline for Windows Server 2003 thanks to virtual patching in Deep Security; and released major new research to progress the fight against cybercrime.
Some of our best research included a series of papers uncovering various regional Deep Web underground economies in regions and countries such as North America, Russia, Japan, Germany and China. We also leveraged our global reach further to uncover a worrying increase in critical infrastructure attacks against nations in the Americas, and we revealed that internet-connected gas station pumps may also be in the firing line of hackers.
Another Trend Micro study – this time of US, Japanese and European consumers – found huge misgivings about IoT privacy and security. The industry needs to pull together pretty quickly to agree on standards and build security into these connected devices from the ground up, before it’s too late.
To find out more about our predictions for 2016, check out our latest report, The Fine Line.
Please add your thoughts in the comments below or follow me on Twitter: @jonlclay.