Page 25 - Cyber Warnings







increase in ATM-related malware, banking Trojans, and ransomware. The report found that
more than 100,000 banking Trojans were detected in 2015 alone.

However, malware rarely uses new or undiscovered vulnerabilities. Instead, most malware
relies on bugs previously fixed by the vendor, but not widely remediated in an enterprise, which
reinforces the importance of installing patches and updating software.

3. Attackers have shifted their efforts to directly attack applications

As attackers continue to evolve their methods, defenders must recognize their enterprises are
evolving as well. The traditional network perimeter has dissolved, and with today’s mobile
devices and broad interconnectivity, the actual network perimeter is likely in someone’s pocket
right now. According to the report, approximately 75 percent of the mobile applications scanned
exhibited at least one critical or high-severity security vulnerability. Attackers realize this too,
and are no longer just targeting servers and operating systems. They have shifted to directly
targeting these applications. Attackers see this as the easiest route to data held within an
enterprise and are doing everything they can to exploit it.

Today’s security practitioners must understand the risks of convenience and interconnectivity to
adequately protect the enterprise. They must build security into every facet of the IT stack and focus on
protecting the interactions between users, apps and data regardless of device or location.

Combating the changing threat landscape


Just as the report shows the means by which attackers evolve, organizations must shift their
focus to meet the threats head-on. This evolution might not always be easy or even welcome,
but it must occur. Reviewing the Cyber Risk Report 2016 can be the first step toward better
understanding the threat landscape and where best to deploy resources to improve your security
posture.

About The Author

Dustin Childs is a senior security content developer and evangelist with
Hewlett Packard Enterprise Security Research. In this role, Childs writes
and edits security analysis and supporting content from various HPE
researchers. Mr. Childs is also responsible for providing insight into the
threat landscape, competitive intelligence to the research team, and
guidance on the social media roadmap. Mr. Childs focuses much of his
research on the practicalities of maintaining security and privacy in the
real world through practical solutions, such as patch management. Part of his role also includes
speaking publicly and promoting the research and technology of HPE. He has presented at
numerous conferences including BlueHat and ThotCon.

Prior to joining HP, Mr. Childs worked in response communications as a part of the Microsoft
Trustworthy Computing (TwC) initiative. He also worked as a security program manager in the
Microsoft Security Response Center (MSRC) and is a veteran of the U.S. Air Force.


Cyber Warnings E-Magazine – March 2016 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide