2017 is going to be a challenging year in the field of corporate IT Security. The constant evolution of the threat landscape calls for new protection technologies, while demanding businesses to alter their perception of threats and devise new strategies to detect and respond to attacks. Significant turbulence is expected and to succeed, both vendors and customers have to focus on developing their security intelligence.
2016 saw a decrease for the first time in the overall number of malicious programs detected, suggesting that cybercriminals applied cost-cutting measures. However, this doesn’t mean that threat level decreased as the overall number of users attacked actually increased by 5% compared to 2015.
Corporations have been targeted with even greater force and criminals more actively looking to steal corporate funds via ransomware, by targeting Point-of-Sale terminals or even compromising entire networks of financial institutions.
The evolution of the threat landscape defines the need for new approaches to business security. Before delving into the details, let’s observe the reasons behind the change.
Three major trends in corporate IT security
The next targeted attack against businesses will not be sophisticated, but will remain dangerous. It doesn’t matter if threat actors use a unique zero day or not. It’s how fast a successful breach is spotted and how well an organization reacts.
Our report on most recent attacks indicates perpetrators meticulously plan their steps far ahead of an actual attack to compensate the lack of or to save on offensive technology. The only solution to reduce the risk of an attack is to foresee it before it happens, based upon up-to-date threat intelligence, to prepare accordingly.
Ransomware, PoS attacks, and other specialized cyber threats on the rise
We saw rapid development of ransomware threats in 2015, targeting mostly SMBs to extort money and put their data at risk. Although enterprises are usually better prepared for such attacks, ransomware is an example of a specific threat exploiting weaknesses in the corporate security strategy to get closer to corporate funds. We still see more attacks on PoS terminals, large-scale DDoS attacks and other threats where money are the main goals.
Generic malware is still the main headache of your IT department
Our statistics show 58% of corporate computers were attacked by malware at least once in 2015 — not an unexpected figure, but still high. Those who say that traditional anti-malware technologies preventing traditional attacks are outdated, should think again. If your IT department is busy fighting widespread malware, does it have the resource to detect and protect against a targeted attack? Before a security vendor starts developing a solution designed to spot targeted attacks, it has to ensure all traditional attacks are already detected and blocked.
The next big thing for the IT Security industry: Transforming security intelligence into real protection
The security industry recognizes that customers today need more than just security software. Our clients are interested about their IT infrastructure’s level of protection and its potentially vulnerable points. They want to address their employees’ mistakes and protect their data during processing and transfer outside of the corporate security perimeter. Or how they should manage the fundamental flaws in the basic IT technologies they use.
While new security solutions emerge to address these challenges, no security vendor can address all business demands only with software.
The solution is to share intelligence. It is time to speed up the transformation of knowledge into real protection — a combination of solutions, expertise, and services that makes a business truly protected from the full spectrum of cyber threats.