
2017’s Biggest Threats and What CISOs Can Do to Mitigate Risks in 2018

  • Posted on: March 8, 2018
  • Posted in: Business, Ransomware, Security
  • Posted by: Ed Cabrera (Chief Cybersecurity Officer)

Enterprise Risk Management (ERM) is getting harder every day. According to the World Economic Forum’s 2018 Global Risks Perception Survey, cyber attacks and data theft rank 3rd and 4th, respectively, among the top 5 likely risks organizations will face this year. This is not surprising: in 2017, CISOs the world over faced crippling ransomware attacks, large-scale vulnerability threats, debilitating business email compromise (BEC) scams, the rise of cryptocurrency risks, ever-evolving internet-of-things (IoT) threats, and a continued stream of data breaches. So, how did businesses fare amid these threats? And what should companies do to manage their enterprise risk in 2018?

Ransomware attacks from WannaCry to Petya resulted in production line downtime at Honda, Nissan, Renault, and even Cadbury. The likelihood and impact of these attacks increased 10 times with the convergence of capable ransomware and the wormlike capabilities of the EternalBlue exploit. These attacks, if nothing else, highlighted the need for CISOs to rethink and reassess their operational risk exposure. We can no longer look at these threats solely as an IT risk; they are a combined IT and operational technology (OT) risk that could result in billions in losses globally.


The need for risk-based vulnerability management couldn’t be greater in 2018, even if only a small percentage of the vulnerabilities discovered and disclosed have been, and will continue to be, weaponized in exploit attacks. Threats such as Dirty COW, which was seen in 2017, could still greatly impact companies.

BEC attacks continued to increase in frequency and in scale. The FBI’s Internet Crime Complaint Center (IC3) received more than 12,000 complaints amounting to a loss of US$360 million in 2016 alone. These deceptively simple socially engineered attacks are incredibly adept at finding and exploiting systemic communication vulnerabilities in organizations. CISOs will need to expand their training and awareness programs to include the boardroom as well as the server room to mitigate them.

Cryptocurrency-related threats, regardless of platform and victim type, resurged in 2017 as well, spurred by the increase in bitcoin value. Even IoT botnets shifted focus from causing distributed denial-of-service (DDoS) disruptions to mining cryptocurrency. Data breaches continued to impact businesses, damaging their reputations with unauthorized disclosures.

Given the wide range of threats we expect to face, enterprises would benefit most by prioritizing risks across the network. CISOs will need better visibility and a connected, multilayered security defense if they are to properly mitigate these threats and their 2018 iterations. Security technologies that make use of real-time scanning, web and file reputation, behavioral analysis, and high-fidelity machine learning while providing endpoint security are a must. Enhancing your company’s security posture by educating executives and employees on threats and vulnerabilities (emerging and otherwise) is also beneficial.


For a complete picture of the security threat landscape in 2017 and how CISOs can help their companies mitigate the risks that similar and/or emerging threats will continue to pose in 2018, read The 2017 Security Threat Landscape.
