6 growing threats to network security
The network has become not only a target but also a channel for disruption -- distributing DDoS, phishing, ransomware and other types of malware attacks.
The modern, globally connected digital world demands that business applications, data and services be constantly available from any location, which means networks must span multiple hosting environments, fixed and mobile devices and other forms of IT infrastructure. But just as networks are a key enabler for the enterprise, they are also a source of extended risk. Hackers, cyber criminals and state-sponsored actors are constantly spawning new network attacks to compromise, steal or destroy critical information and disrupt organizations for their own ends.
The network has become not only a target, but also a channel for disruption: it is a primary route of distribution for distributed denial of service (DDoS), phishing, ransomware, worms and other types of malware attacks.
Last year was arguably the most dangerous ever to be a network administrator, given the growth in new attack methods being directed at public- and private-sector IT systems. Cyber incidents targeting businesses nearly doubled from 82,000 in 2016 to 159,700 in 2017, according to the Online Trust Alliance. And there is every sign 2018 will end up just as perilous as new threats emerge. Network managers should take a good, long look at their security infrastructure and upgrade plans as they prepare to respond to the following six network threats:
1. DDoS attacks are proliferating. The volume and strength of DDoS attacks are growing as hackers try to bring organizations offline or steal their data by flooding websites and networks with spurious traffic. Two factors are helping criminals in their endeavors. One is the widespread availability of “DDoS for hire” services, whereby hackers rent out their skills for very low sums of money. The other is the growing volume of internet-of-things products with poor security defenses that are being attached to device-to-device, edge and core networks. Botnets that hijack vulnerable IoT devices can spread rapidly via the network and infect hundreds or thousands of products before directing spurious traffic at target websites and infrastructure.
Remedy: Be sure to create a DDoS mitigation plan. Protect networks against DDoS attacks by monitoring and controlling LAN/WAN traffic flows and device bandwidth consumption to receive earlier warnings of attack.
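One way to get the earlier warning the remedy describes, as an added example that is not part of the original article: the script below aggregates constructed flow records (timestamp, source, destination, bytes) per destination into one-minute windows, builds a byte-volume baseline from the preceding windows, and flags a window whose volume and distinct-source count both jump well above that baseline. The record format, thresholds and sample addresses are assumptions for illustration.

```python
# Added example (not from the original article): early warning for volumetric
# floods by baselining per-destination bandwidth and distinct-source counts.
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample flow records: (epoch seconds, src_ip, dst_ip, bytes).
# Ten minutes of steady traffic from three internal clients to one server ...
SAMPLE_FLOWS = [(t, "10.0.1.%d" % (t % 3 + 1), "203.0.113.10", 4000)
                for t in range(0, 600, 5)]
# ... followed by one simulated flood minute: many sources, far more bytes.
SAMPLE_FLOWS += [(t, "198.51.100.%d" % (i % 200), "203.0.113.10", 60000)
                 for t in range(600, 660, 5) for i in range(20)]

def aggregate(flows, window=60):
    """Sum bytes and collect distinct sources per (destination, window start)."""
    stats = defaultdict(lambda: {"bytes": 0, "srcs": set()})
    for ts, src, dst, nbytes in flows:
        key = (dst, ts - ts % window)
        stats[key]["bytes"] += nbytes
        stats[key]["srcs"].add(src)
    return stats

def detect_spikes(flows, window=60, k=3.0, min_windows=5):
    """Return (dst, window_start, bytes, sources) for every window whose byte
    volume exceeds baseline mean + k*stdev AND whose distinct-source count is
    more than double anything seen before for that destination."""
    stats = aggregate(flows, window)
    per_dst = defaultdict(list)
    for (dst, start), s in sorted(stats.items()):
        per_dst[dst].append((start, s["bytes"], len(s["srcs"])))
    alerts = []
    for dst, series in per_dst.items():
        for i, (start, nbytes, nsrc) in enumerate(series):
            if i < min_windows:
                continue  # not enough history to form a baseline yet
            hist_bytes = [b for _, b, _ in series[:i]]
            hist_srcs = [n for _, _, n in series[:i]]
            # Floor the spread at 5% of the mean so a perfectly flat baseline
            # does not turn every small fluctuation into an alert.
            spread = max(pstdev(hist_bytes), 0.05 * mean(hist_bytes))
            if nbytes > mean(hist_bytes) + k * spread and nsrc > 2 * max(hist_srcs):
                alerts.append((dst, start, nbytes, nsrc))
    return alerts

if __name__ == "__main__":
    for alert in detect_spikes(SAMPLE_FLOWS):
        print("possible flood: dst=%s window=%d bytes=%d sources=%d" % alert)
```

In production the same logic would run over exported NetFlow/sFlow records, and the alert would feed the mitigation plan (rate limiting, upstream scrubbing) rather than just a print statement.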
2. Network-based ransomware is designed to destroy systems … and data. Self-propagating ransomware attacks that quickly spread across systems do not rely on humans to click a button, download a file or plug in a USB stick. They just need an active and unpatched workstation (think WannaCry and NotPetya) and an automated software update. Many security researchers believe that the primary purpose of some ransomware attacks is not to extort money but to deliberately destroy data on infected systems.
Remedy: Perform regular backups of mission-critical data, ensure all systems and applications are patched and up to date and use vulnerability assessment tools to find gaps in defenses. It’s basic stuff, but it couldn’t be more vital.
3. Malware is evolving, with activity masked by legitimate cloud services. Today’s business needs have changed the way enterprises send and store sensitive data, with more organizations using off-premise cloud-hosted repositories and services (with or without the consent and direction of the resident IT department). But these are also popular services hackers can use to register accounts, start web pages, encrypt their malware, hide domains and IP addresses and cover their tracks by deleting the account afterwards – all at low-cost, pay-as-you-go prices. And popular cloud services like Google, Twitter and Dropbox are also difficult for security managers to block, leading to a multitude of vulnerabilities.
Remedy: Threat intelligence monitoring and analytics are more advanced than ever before. These services can identify suspicious behavior that could indicate legitimate services disguising hacking activity.
4. Insider threats show no sign of diminishing. Insider threats are said to be responsible for anything from 25 to 75 percent of enterprise data breaches and are usually driven by financial gain, industrial espionage or just plain incompetence or misuse. But the majority of network security defenses remain configured to protect the perimeter from external, rather than internal, hackers -- those who already have legitimate, authorized access to their organization's networks and often operate under the radar with few or no limitations on the information they can access or transfer.
Remedy: Prioritize critical assets, implement a formal insider-threat program, document and enforce security policies and controls, monitor employee activity at the network and host level, and raise insider-threat awareness among staff through training.
5. Encryption is meant to enhance security, but it’s also helping hackers to conceal their communications. We’ve seen a big rise in the percentage of network traffic that is encrypted -- a natural consequence of organizations protecting sensitive data by scrambling communications. But this approach to securing data cuts two ways, with threat researchers also noticing a threefold increase in the volume of encrypted network communication employed by malware in 2017. Encryption gives hackers more time and space to operate prior to their eventual detection and remediation.
Remedy: Use machine learning and artificial intelligence to identify unusual patterns in encrypted web and network traffic and send automatic alerts to security staff if issues merit further investigation. Automation really is the future of network security.
6. Cyberattacks get personal as social engineering targets executives and HR. Malicious emails are vital tools for hackers because they take malware straight to the end point. Hackers are identifying high-value (and vulnerable) individuals within organizations, commonly hiding code in Microsoft Word, PowerPoint and Excel files as well as PDF documents and archive files. Business email compromise attacks are increasingly being employed to impersonate a trusted identity (like CEOs, HR departments or tax authorities) to encourage targets to make payments or share sensitive information. Meanwhile, email account compromise tools can usurp a hacked (but legitimate) email account to circumvent other cybersecurity defenses and deceive intended victims. It’s a continually growing concern.
Remedy: Raise user awareness of the risks through formal training programs and email usage policies, set email spam filters to high and keep software and systems up to date. Network security is a continual process -- agencies must stay on top of it to stay ahead of the hackers.