Quarterly Cyber Security Research!
One of the advantages of being a leading Managed Services Partner in West Yorkshire is the access we receive to the latest quarterly research in our industry. Last week I attended webinars provided by two of the leading brands we promote, namely Sophos and Proofpoint, on the hot topic of Cyber Security.
Top Threats of 2024
At a high level, the top cyber security threats of 2024, as per the quarterly updates, were as follows:-
- Ransomware/Extortion – Continued prevalence of ransomware-as-a-service, extortion-only tactics, and remote ransomware, which has tripled in the last two years.
- Data and Credential Theft – Nearly 50% of malware is password stealers, keyboard loggers, and other spyware. Phishing and malware expose small businesses’ data on cloud platforms and service providers.
- Malicious Drivers – Attackers are increasingly turning to vulnerable drivers from legitimate companies, or to malicious drivers that have been signed with stolen or fraudulently obtained certificates.
- Unmanaged Devices – Unmanaged computers without security software installed, improperly configured devices, and systems running software that has fallen out of support by manufacturers.
The prime targets for cyber attacks are small and medium businesses, with 75% of incident response cases coming from the SME sector. SMEs receive particular focus from cyber criminals since they are typically under-resourced and lack the budget to minimise the attack surface and prevent emerging threats. Therefore attackers tend to target the SME sector with ransomware and malware to extract value from data theft.
As a Sophos Gold Partner, Fusion promote the range of Sophos solutions to guard against cyber threats. This is not based on commercial bias or financial incentives for Fusion, but rather on the capabilities of Sophos’s product set/offering.
In fact Gartner and KuppingerCole, two highly respected and independent bodies in the IT sphere, have recognised Sophos’s leadership in the cyber security sector as follows: –
A Gartner Leader in Endpoint Security (14th Consecutive Time) | A KuppingerCole Leader in Email Security |
Sophos has been named a Gartner Leader in endpoint security in 14 consecutive reports | Sophos Email was named a Market Champion Product and Market Leader by KuppingerCole |
No other vendor has been named a Gartner Leader in endpoint security more times than Sophos | Sophos is one of only four vendors to achieve Market Champion, indicating leadership across the Product and Market categories |
Sophos was also named Gartner Customers’ Choice for endpoint security for the second consecutive year | This is Sophos Email’s first leadership placement in an analyst evaluation |
I think the main point to make on the above industry recognition points is that not all cyber security solutions are created equal. Clients should not choose a solution based purely on price, but rather on the capabilities of the protection (and its visibility of threats) to prevent them from being attacked, hacked and fined. Yes, money is always a consideration, but Fusion can offer Sophos solutions on an OpEx model to manage the investment in cyber security measures.
Data Loss is Pervasive and Disruptive
In addition to the above four points on the Top Threats of 2024, other findings from my webinar attendance included the following on Data Loss, following a recent survey by Proofpoint.
- 85% of respondents have experienced one or more data loss incidents in the past year
- 15 is the mean average of incidents per organisation, amounting to more than one incident a month
- Data loss is caused by ‘people’ – careless and malicious Users are the leading causes of data loss, and this stacks up as follows:-
  - 71% – Careless Users
  - 48% – Compromised Systems
  - 45% – Misconfigured Systems
  - 20% of respondents stated that a malicious employee or contractor was the cause of data loss, bringing with it dire consequences
- 1% of Users are responsible for 88% of data loss events and the identity of this 1% is likely to change month over month.
So even a small number of Users who are susceptible to data loss activity can cause a substantial ‘ripple effect’ with a disproportionate negative fallout for the organisation as a whole.
Misdirected email
A significant cause of Data Loss is misdirected email. In fact, misdirected email is one of the simplest and most significant sources of data loss with:-
- 1 out of 3 Users (from the respondents) having sent one or two emails to the wrong recipient
- 84% of these misdirected emails contained attachments (potentially with sensitive information) in the last year.
Personally, I do not find this surprising due to the AutoComplete function in email client software like Outlook, where you may have several email addresses beginning with a generic address like ‘Accounts@’, which can be used by several different organisations and for whom it could be possible to select the wrong one, if a User is rushed and caught off guard. Likewise if you have several contacts with the same first name it is easy to select the wrong one like in the ‘James example’ on the right.
Access to sensitive data
One of the greatest risks of Data Loss, if not the greatest, stems from employees with access to sensitive data.
In the research by Proofpoint this manifested itself as follows from the survey results:-
- 63% – Employees with access to sensitive data – includes HR professionals, Finance teams, and customer support personnel
- 51% – IT Users with privileged credentials
- 29% – Departing employees – 87% of anomalous cloud file exfiltration attempts were caused by departing employees
- 25% – Partners / suppliers
- 23% – Executives
- 19% – Researchers / developers
Privacy and cost are driving DLP programs
Based on the above data leakage statistics there has been a rise in the need for Data Leakage Prevention (DLP) driven by the following factors:-
- 50% cited to protect the privacy of employees and customers
- 41% stated to minimise costs associated with data loss
- 39% referenced to protect their company’s reputation
- 39% stipulated to protect their intellectual property
- 38% cited to meet regulatory standards
- 32% stated to meet internal compliance standards
- 30% referenced to ensure competitiveness
These factors are not surprising considering 1) the importance of GDPR compliance to ensure the privacy of data and avoid fines from the ICO, 2) the need for companies to reduce the cost of cyber insurance by having measures in place, which the underwriters deem a positive factor in premium calculation, 3) the ability to limit reputational damage, which can ‘go viral’ very quickly following an incident and has led to the downfall of some companies, and 4) the stringent regulation of some industries, which requires suppliers to be compliant in order to trade.
So when it comes to data, what are the most concerning data types?
- 59% – Valuable corporate data
- 53% – Customer Personally Identifiable Information (PII)
- 47% – Intellectual property
- 36% – Employee Personally Identifiable Information (PII)
- 36% – Credit / debit information
- 24% – Protected Health Information
One thing that is clear from the research is that visibility into sensitive data, User behaviour and threats is the most important DLP capability, and a ‘single pane of glass’/console to facilitate this is essential for IT Managers/Network Administrators or MSPs managing clients’ networks.
I hope you have found this information useful and if you need any advice on how to protect your organisation or deploy DLP tactics, please do not hesitate to get in touch.
Thanks
Richard