Cybersecurity has hit the agenda so quickly that it is now a “paramount national security risk”, one futurist warned even as French presidential candidate Emmanuel Macron weathered an email hack on the eve of the country’s election.
Little wonder that another expert suggested that cybersecurity is “by far” the biggest threat to small and medium enterprises. But with results of user education varying dramatically, it never hurts to have another technique to try to get them to use stronger passwords – or to work to secure employees’ home endpoint devices.
If nothing else, a concerted effort at improving human defences now will help boost corporate defences to financial cybercrime – which is still keeping banks up at night. As always, reducing the chances of a serious compromise requires a commitment to addressing the basics.
China is attempting to address the basics by using regular security checks on IT vendors that are designed to identify vulnerable Internet and networking services early on. They’d be wary of compromises such as a sneaky Gmail phishing attack, which incorporates a fake Google Docs app.
That’s a problem given the reliance on cloud-based applications that, a Google executive said, can ease the burden of data protection compliance. Indeed, online platforms require particular vigilance as many warn that a phishing attack or ransomware infection may just be a lead indicator of a broader extortion or fraud attempt.
Mac users were being warned about new malware – linked to Russian attackers who recently ported their Windows backdoor program to macOS – that snoops on encrypted connections, while the Xen project was hit with the third highly critical virtual-machine escape bug in 10 months, Intel rolled out a patch to fix a severe vulnerability in some Intel-based business computers, and Android got security patches for over 100 vulnerabilities affecting a range of components.
Search engine Shodan took a new approach to botnet management, launching a service that enables security researchers and law enforcement officers to look for malware command-and-control servers. It’s a notable step forward that could help improve the response to new malware families.
Security practitioners are still suffering threat alert fatigue, while employers are suffering their own form of fatigue as they try to derive meaning from the range of cybersecurity credentials in the market.
This, as experts warned about tightening controls on third-party access and remaining extra vigilant when choosing the right cybersecurity products in the face of often dubious claims by cybersecurity product vendors.
Meanwhile, criminals are continuing to explore new methods for financial exploitation, with fraudulent gift cards becoming increasingly popular. Another group was abusing the Windows Application Compatibility Infrastructure to facilitate financial crimes, while others were notching up their success in compromising government agencies with a Frankenstein malware framework built from a range of publicly available tools. Others are sticking to old favourites, with the average ransomware demand now past $US1000 ($A1320).
New technologies were causing other problems, too: India’s Supreme Court, for one, was hearing a challenge to a biometric authentication system that forces the use of biometrics identifiers when filing tax returns. These sorts of real-world problems are just some of the many challenges facing innovative security startups, who need to hedge their bets carefully to maximise their chances of survival.