Below is a highlight of the key takeaways from the first half of 2020 outlined in the latest Threat Landscape Report from Fortinet’s FortiGuard Labs.
No one could have predicted the degree and magnitude of change we would experience, both within and outside of the cybersecurity industry, in 2020. The first half of the year has demonstrated the dramatic scale at which cybercriminals and nation state actors are willing and able to leverage the global pandemic as an opportunity to launch targeted cyberattacks around the world. They have exploited the fear of individuals and the uncertainties of the pandemic as an attack strategy. And while these attacks cover a spectrum of strategies, they have heavily targeted the sudden expansion of new teleworkers – literally millions of remote workers expanded the digital attack surface almost overnight – along with their vulnerable home networks and devices and unprotected browsers.
At the same time, other attacks continued apace. For example, cybercriminals also continued their use of ransomware, relying more than ever on Ransomware-as-a-Service, but this time with a twist. Not only is valuable data being encrypted and held for ransom, an encrypted version of that data is also being posted online, with the threat that if a ransom is not paid, all of the company’s data – ranging from customer information to intellectual property – will be released for public access.
During the first half of 2020, evolving working environments and increased reliance on personal device usage opened the door to increased cyber threat activity. Below are some of the most prevalent cyber trends from Q1 and Q2 uncovered in the current Global Threat Landscape Report:
CISOs should leverage the intelligence provided in this report to evaluate and update current security measures to ensure that these attack vectors and strategies are properly protected against.
Secure the Endpoint Devices of Remote Workers – The first step is to revisit remote workers to ensure that appropriate security measures are in place to protect data, applications, and resources in use in remote locations, as well as to ensure that they do not become a conduit for malware finding its way into the corporate network. This starts with ensuring that proper security is in place on end-user devices, especially protecting browser activity since web-based malware, delivered through phishing campaigns and other scams, outranked the more traditional email delivery vector in the first half of 2020.
Endpoint devices should be protected with more than just traditional antivirus (AV) and endpoint protection security. New endpoint detection and response (EDR) solutions like FortiEDR are not only able to identify sophisticated attacks, but also prevent any unknown application, such as malware, from executing until it has been analyzed.
Review ransomware security measures – Organizations should already have a robust ransomware strategy in place. This should include the ability to strip out malicious content in an email using content disarm and reconstruction tools. Networks need to be segmented as part of a ZTNA strategy to limit the resources that can be impacted. Full data backups need to be stored offline and off network to ensure rapid recovery. And data inside the network needs to be encrypted so that it cannot be used or exposed by cybercriminals. This needs to be coupled with a full response strategy that is practiced regularly to eliminate downtime.
Ensure all VPN traffic is being inspected – With the increase in attacks targeting home routers and their connected devices, such as DVRs, it is critical that VPN connections include full inspection looking for malware originating from the home networks of remote workers. This requires having firewalls in place capable of not only managing a dramatically increased volume of VPN traffic, but also the heavy processing load required to inspect encrypted traffic.
Bolster security in OT environments – Increased attacks on OT environments require having security in place that restricts the resources that users, devices, applications, and workflows can access. Fortinet’s full zero-trust network access (ZTNA) solution combines access control and network security solutions designed to secure OT environments and systems, such as SCADA and ICS systems, with networking functions such as access points and network segmentation. This ensures that even if malware manages to circumvent edge security strategies, it will still be limited to a tiny segment of the OT network.
This is just a brief overview of the full Threat Landscape Report for the first half of 2020 now available from FortiGuard Labs. CISOs and other security professionals are strongly advised to read the report, review its recommendations, and take appropriate measures to counter the trends it details.
It is common knowledge that attacks and data breach attempts are inevitable. Therefore, in addition to the specific recommendations above, organizations should focus their efforts at a strategic level on developing a security framework that highlights prevention and incident response while also leveraging AI capabilities to decrease the economic impact of a breach. Research conducted by the Ponemon Institute concluded that the global six-year average cost of a data breach amounts to $3.78 million. Although the financial consequences of a data breach can vary based on several factors, including root causes, network size, and the type of data held by an organization, this cost is only likely to rise as more targeted attacks occur.
As always, the best defense against cyberthreats is good information. Leveraging critical threat intelligence, such as this latest edition of the Fortinet Threat Landscape Report, enables organizations to refocus and refine their resources and strategies so they can remain a step ahead of today’s threat landscape.
Read more about the latest cybersecurity threat trends and the rapidly evolving threat landscape in our latest 2020 Threat Landscape Report.