Cyber Report – Detection time reducing to 4 hrs

Once malware breaches a business, it goes about whatever activity it has been programmed to undertake, be that command-and-control (CnC) communication, file encryption, or general reconnaissance and infection of other devices and networks. The longer the malware remains undetected, the more damage it can potentially do.

Since its inception, the Cisco Security Report has tracked the time to detection of malware. Time to detection, or TTD, is the window of time between a compromise and the detection of a threat. The industry average for 20 known malware types was a staggering 100 days, and while it has fallen this year, it still means that for 20 known malware types, cyber attackers have on average a vast amount of time to probe and create maximum damage. Cisco research, based on telemetry from its globally deployed devices, has seen its own detection time steadily reduce to 3.5 hours as of April 2017.

Increases in the median TTD indicate times when cyber attackers introduce new threats. Decreases show periods where defenders are identifying known threats quickly. Since the summer of 2016, the ongoing tug-of-war between attackers and defenders has been less dramatic, with the latter taking back ground quickly after each attempt by adversaries to gain—and maintain—the upper hand.

Developments in the cyber threat landscape, especially within the past six months, show that cyber criminals are under even more pressure to evolve their threats to evade detection and devise new techniques.

The figure below shows the median TTD for the top 20 malware families by percentage of detections that researchers observed from November 2016 to April 2017. Many of the families that Cisco products are detecting within their median TTD of 3.5 hours are industrialized threats that move fast and are widespread. Old and prevalent threats are also typically detected below the median TTD.

Many malware families can still take a long time for defenders to identify even though they are known to the security community. That’s because the attackers behind these threats use various obfuscation techniques to keep their malware active and profitable. Some of these malware families, including Fareit (a remote access Trojan or “RAT”), Kryptik (a RAT), Nemucod (a downloader Trojan), and Ramnit (a banking Trojan), use specific strategies to stay ahead of defenders.

Their methods are effective: as the figure above shows, all these families were outside the Cisco median TTD window of 3.5 hours, Kryptik significantly so. Even Nemucod, the most frequently detected among the top families shown, takes longer to identify because it evolves so rapidly.
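Measuring TTD on your own telemetry is the practical counterpart to the figures above. The script below is an added example, not code from the Cisco report or from this site: it takes (family, compromise time, detection time) records, computes the median TTD per malware family, and flags the families whose median exceeds the 3.5-hour benchmark quoted in the text. The family names are the ones discussed above; every timestamp is constructed for illustration, and the family “Example-Fast” is a made-up placeholder for a quickly detected, industrialized threat.

```python
"""Median time to detection (TTD) per malware family from constructed records.

Added example, not from the Cisco report. All timestamps and the family
"Example-Fast" are constructed for illustration.
"""
from collections import defaultdict
from datetime import datetime
from statistics import median

# Constructed records: (family, compromise_time, detection_time) in ISO 8601.
# The last Ramnit row has detection before compromise and is skipped on parse.
SAMPLE_EVENTS = [
    ("Nemucod", "2017-03-01T08:00:00", "2017-03-01T10:30:00"),
    ("Nemucod", "2017-03-02T09:15:00", "2017-03-02T17:45:00"),
    ("Nemucod", "2017-03-03T11:00:00", "2017-03-03T16:00:00"),
    ("Kryptik", "2017-03-01T12:00:00", "2017-03-04T12:00:00"),
    ("Kryptik", "2017-03-05T06:00:00", "2017-03-06T18:00:00"),
    ("Kryptik", "2017-03-07T00:00:00", "2017-03-09T00:00:00"),
    ("Fareit", "2017-03-02T10:00:00", "2017-03-02T22:00:00"),
    ("Fareit", "2017-03-04T10:00:00", "2017-03-04T14:00:00"),
    ("Fareit", "2017-03-06T10:00:00", "2017-03-07T02:00:00"),
    ("Ramnit", "2017-03-01T01:00:00", "2017-03-01T03:00:00"),
    ("Ramnit", "2017-03-03T01:00:00", "2017-03-03T05:30:00"),
    ("Ramnit", "2017-03-05T01:00:00", "2017-03-05T06:00:00"),
    ("Ramnit", "2017-03-06T05:00:00", "2017-03-06T04:00:00"),  # bad row
    ("Example-Fast", "2017-03-02T00:00:00", "2017-03-02T01:00:00"),
    ("Example-Fast", "2017-03-03T00:00:00", "2017-03-03T02:00:00"),
    ("Example-Fast", "2017-03-04T00:00:00", "2017-03-04T00:30:00"),
]

# Cisco's reported median TTD for its own products (April 2017), in hours.
BENCHMARK_HOURS = 3.5


def parse_events(rows):
    """Return (family, timedelta) pairs.

    Rows where detection precedes compromise are dropped: they usually
    indicate clock skew or a mislabelled log, and would pull medians down.
    """
    parsed = []
    for family, compromised, detected in rows:
        t0 = datetime.fromisoformat(compromised)
        t1 = datetime.fromisoformat(detected)
        if t1 < t0:
            continue
        parsed.append((family, t1 - t0))
    return parsed


def median_ttd_hours(events):
    """Median TTD in hours for each family (median resists outliers)."""
    by_family = defaultdict(list)
    for family, delta in events:
        by_family[family].append(delta.total_seconds() / 3600)
    return {fam: median(hours) for fam, hours in by_family.items()}


def families_over_benchmark(medians, benchmark=BENCHMARK_HOURS):
    """Families whose median TTD exceeds the benchmark, sorted by name."""
    return sorted(fam for fam, hours in medians.items() if hours > benchmark)


def overall_median_hours(events):
    """Median TTD in hours across all events, regardless of family."""
    return median(delta.total_seconds() / 3600 for _, delta in events)


if __name__ == "__main__":
    events = parse_events(SAMPLE_EVENTS)
    medians = median_ttd_hours(events)
    for fam, hours in sorted(medians.items(), key=lambda kv: kv[1]):
        flag = "OVER" if hours > BENCHMARK_HOURS else "ok"
        print(f"{fam:<13} median TTD {hours:6.1f} h  {flag}")
    print(f"overall median: {overall_median_hours(events):.1f} h")
    print("over benchmark:", ", ".join(families_over_benchmark(medians)))
```

Run the same computation per month and the trend described above becomes visible: a rising median points to new or re-tooled families entering the telemetry, a falling one to defenders catching known families faster.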

In many instances, businesses are using outdated modes of protection against these threats and typically fall in line with the industry average, which is measured in days, not hours. Many businesses are still dependent on anti-virus software and firewall rules as their principal means of protection.

Given the evolved nature of threats and their ability to easily evade traditional methods of detection, the traditional approach is akin to using a colander to catch water.

A more sophisticated approach to cyber threat defences involving a combination of adaptive, integrated detection techniques with automated protection is necessary for business today.

Speak to one of our Experts?

We help businesses of all shapes and sizes in protecting their vital IT assets. For a consultation with our team as to how we can help protect you from a cyber breach, simply get in touch for a free, no-obligation conversation. Alternatively, our free downloadable guide offers more insight into avoiding (and surviving) a cyber-attack.

Ransomware Defence Checklist

Do you know anyone who has suffered a Ransomware attack? Most likely the answer is yes. That is because Ransomware is the fastest growing and most profitable cyber crime today, grossing over $1bn last year. Many businesses still do not have a plan to mitigate such a common cyber attack.

On the other hand, following a best-practices approach to protect against and mitigate a cyber attack is a question of adopting a security culture within your business. Either you do or you don’t. If you don’t, the likelihood is that this growing breed of cyber attack will come knocking on your door some day soon and you will be powerless to prevent it.

I have spoken to many business owners who have been victims of Ransomware or know someone who has; some have learnt from this experience and are now much better prepared if it happens again. The consequences of not recovering are, without wanting to sound too dire, unimaginable.

The best practices guideline below can be used as a checklist to focus on where you are in your Ransomware threat preparation and what still needs to be done.

Is Your Small Business Ready For a Data Breach?

“Best practices” are intended to be a good thing — the gold standard we should all strive for. But they can be a source of frustration for smaller businesses. Reading about your industry’s best practices can be a lot like a roll call of the things that you have yet to do.

One reason for that frustration is that a lot of people see best practices from an “all or nothing” framework. They decide that, since they can’t afford the whole nine yards, they just won’t worry about it. But that’s a short-term view, especially when it comes to something like your company’s online integrity. That integrity faces a number of challenges, ranging from data breaches and regulatory requirements to customer demands and branding consistency across channels.

“Digital integrity” might not make you sit on the edge of your seat with excitement. Nor will “digital policy” make it into the top three spots of dinner conversation topics. But both should be on your radar screen now because it is easier to put a bit of work into it today than to try to figure things out in panic mode after there’s been a breach. So here are some things that you should consider.

What is digital integrity?

“Digital integrity” refers to the ways in which you manage your company’s digital presence: what it is, where you keep it, who can access and manage it, etc.

Why is digital integrity so important?

Your online presence is the face you present to the world. The information needs to be accurate. The branding needs to be consistent. It needs to be in line with your business strategies. And it needs to protect the customers who place their trust in you. That’s especially true when it comes to data breaches.

Having digital integrity in the context of data breach means that you are protecting your prospect and customer data from a number of bad actors trying to steal it. In 2015 alone, almost 3.1 billion records containing personal information were compromised. And if you think you’re too small to be a target, you’re wrong. Small businesses are the target of 43% of all cyber attacks. Most criminals understand that small businesses don’t have the resources to enact security on the same level as a large enterprise. Unprepared businesses are the proverbial low-hanging fruit.

There’s another statistic about small businesses that’s even scarier: 60% of small businesses that suffer a breach shut the doors within six months. Small businesses just don’t have the liquidity to absorb the overwhelming costs associated with mitigating a data breach.

Whose job is it?

While enterprises may have entire departments dedicated to their data security, in small organizations the responsibility tends to fall on the person who first realizes the enormity of the risks and is motivated enough to take action. Eventually, however, a thorough digital policy will need to include marketing, information technology, loss prevention, human resources, and sales, with one individual having the official responsibility for getting the policy written and implemented. Your organization can develop its policy without outside support, but only if you have the expertise in house.

So is there an “essentials” version of the best practices?

Obviously, the more thorough your policies are, the safer you, your partners, and your customers will be. But you have to start somewhere. If you’ve been taking your chances and hoping for the best, the first thing you need to do is examine your risks in detail. To continue with our data breach example, here are some things you should consider:

Do you accept online payments and/or in-store credit card purchases?

There are strict standards for how payment information is procured, processed, and stored. These standards are a collaborative effort between credit card brands and the PCI-DSS (Payment Card Industry Data Security Standards) Council. The Council has some great resources specifically designed for small businesses.

Where do you operate?

While the PCI Council sets global standards, standards aren’t the same as laws. And when you operate across national borders, that adds several additional layers of complexity. You could be compliant with one nation’s laws while being in violation of the laws of several other countries.

And that’s just for processing payments. Each country also has its own laws for things like accessibility, ownership, encryption, notification, cookies, etc. Professional legal advice may be necessary to help you navigate these treacherous waters.

How secure are you today?

Knowing where you are today gives you the baseline for what still needs to be done. That includes asking questions like:

  • What security protocols are in place to prevent data breaches?
  • How many attacks have those protocols prevented? What kind of attacks were they?
  • How are breaches detected?
  • How are they stopped, and how long does it typically take?

What will you do if (or when) there’s a breach?

The severity and damage can vary, but some kind of breach is inevitable. When that happens, you won’t have time to figure out what to do. You need an action plan that can be implemented immediately, covering everything from how you stop an attack to how you notify customers whose information may have been compromised.

What’s next?

A digital policy that winds up as a random PDF file on your intranet or shared drive doesn’t accomplish anything. A true digital policy is actionable and sustainable. That means asking yourself questions like:

  • Which jobs or job functions are affected by this policy?
  • What changes need to be made so that the people in those jobs can apply the policies in their day-to-day business processes?
  • How will you communicate the new policies, and where will they be kept?
  • Who will monitor compliance, and how will that be done?
  • How will you maintain the policy’s relevance by staying in touch with new laws, trends, breaches, etc.?

It also means taking the answers to these questions and making them actionable for the organization by educating and mentoring those who must adopt the policies.

Let me emphasize that I’m not describing an ideal approach to digital integrity. On the contrary, what I’ve described is a very basic, nuts-and-bolts approach, because data breaches are just a single example among a long list of online issues that you ought to consider. However, you have to start somewhere. These are some of the most critical issues that every business, no matter how small, needs to think about. Hopefully, this will be a resource to help you get started in your planning for a data breach.

This article was authored by Kristina Podnar and is reprinted with kind permission.

Do your Cyber Defences know a good doc from a bad one?

Cisco’s recent Midyear Cybersecurity Report concludes that it is necessary to raise the security warning flag even higher. Cisco security experts are becoming increasingly concerned about the accelerating pace of change and sophistication in the global cyber threat landscape.

While cyber defenders are generally improving their ability to detect threats, prevent attacks and recover from them more quickly, their efforts are being thwarted by the escalating impact of breaches and the pace and scale of technology change. The rapid growth of mobile and cloud computing has dramatically increased the attack surface available to cyber criminals.

We have extracted data below that focuses on commonly observed malware.

[Figure 3: Most commonly observed malware (top malicious blocks), November 2016 to May 2017]

The graphic represents the most commonly observed malware during the period covered by Cisco’s report.

The list features a range of some of the most reliable and cost-effective methods for compromising large populations of users and infecting computers and systems.

The graphic clearly indicates the diverse range of attack methods which businesses now need to protect against.

Traditional protection methods, including anti-virus and traditional firewalls, are no match for many of these attack methods, which are concealed in ‘normal’ traffic.

All the above appear regularly on lists of the most commonly observed malware. The consistency of the list suggests that the Internet has matured to the point where cyber criminals know, with a certain confidence, which web attack methods will be most effective at compromising users at scale and with relative ease.

The information may well confirm what you already know: cyber security threats are now unparalleled in scale. Effective protection demands a comprehensive policy backed up by the necessary controls to detect, prevent and remediate the various phases of an attack.
