It’s obvious to any capable IT and cybersecurity professional that some industries are at higher risk of cyberattack than others.
Whether for financial gain or, in the case of the recent ‘Grayling’ incident espionage, state-sponsored threat actors are often ahead of the game when it comes to exploiting systems and network vulnerabilities.
Symantec’s research revealed a new group of cyber-criminals using a combination of custom-made malware and readily available tools to target businesses within the IT, manufacturing, and biomedical industries in Taiwan, plus organisations in Vietnam and the US. The sophistication and resourcing of Grayling, and other state-sponsored cyber-criminal groups, highlights the need for all entities to equip their cyber-defences with state-of-the-art antimalware.
All too often, commercial and government cyber-defences are successfully circumvented, leading to significant breaches of sensitive and personally identifiable data, much of it unencrypted. Thousands, if not millions, of records are routinely compromised, with damage extending up and down the digital supply chain.
It should go without saying that, as the sophistication of cyber-attacks grows, so should the sophistication of cyber-defences. Unfortunately, the reality is somewhat different. In the final analysis, many of today’s breach nightmares are found to be the result of cyber-criminals exploiting the vulnerabilities of outdated, legacy systems that are simply not fit for purpose. One need only look at the recent Microsoft, Dropbox, and MOVEit disasters to understand the potential scale of the problem. In the case of MOVEit, the true scale of the incident is yet to be quantified, but at the time of writing over 2,000 companies and 60 million data records have been compromised.
As the saying goes: “We need a plan B”. Hackers always seem to be one step ahead; identifying and exploiting vulnerabilities faster that cyber-defences can plug the gaps. Plan A should always be to optimise your ‘prevention’ defences. Plan B acknowledges that breaches are inevitable and focuses on protecting your networks and data should the worst happen. In order to succeed, plan B cannot rely upon legacy solutions that are constantly playing catch-up.
One example is SureDrop, the secure file sharing, storage, and collaboration platform. SureDrop provides the maximum security necessary in our remote working and digital communications world. Unsecure business practices see commercial, professional and government organisations continue to share confidential documents by email or the use of vulnerable public file sharing and storage services.
Lawyers and accountants that share professional advice risk serious litigation in the event the data is stolen. Government agencies (tax, human services, etc) and financial services (banks, insurers) organisations that share citizen identity and private information risk catastrophic data breaches affecting citizens and businesses alike.
File sharing, storage and collaboration solutions often utilise cloud and/or on premises applications that are not secure by design. With the emphasis on convenience and accessibility, security is often seen as an add-on, leading to system-wide vulnerabilities. Even if your application promises data encryption, maximum security demands more than just an algorithm. Secure key management and storage are vital elements of the mix, which can be further enhanced with file fragmentation and 100% data location control.
In a world where people and businesses are threatened by a constantly evolving cyber-threat landscape, cybersecurity solutions need to offer more than the ability to shut the stable door quickly after the horse has bolted. State-of-the-art cyberthreats demand state-of-the-art cybersecurity.
Useful links
