For years, cybersecurity professionals across the globe have been highly alarmed by threats appearing in the form of malware, including Trojans, viruses, worms, and spear phishing attacks. And this year was no different. 2018 witnessed its fair share of attacks, including some new trends: credential theft emerged as a major concern, and although ransomware remains a major player in the cyberthreat landscape, we have observed a sharp decline in insider threats.
This especially holds true for the UK and Germany, which are now under the jurisdiction of the General Data Protection Regulation (GDPR). However, in the U.S., insider threats are on the rise, from 72% in 2017 to an alarming 80% in 2018.
The Value of Data Backups
When WannaCry was launched in May 2017, it caused damages worth hundreds of billions of dollars, affecting 300,000 computers in 150 nations within just a few days. According to a CyberEdge Group report, 55% of organizations around the world were victimized by ransomware in 2017; nearly 87% chose not to pay the ransom and were able to retrieve their data thanks to offline data-backup systems. Among the organizations that had no option other than paying the ransom, only half could retrieve their data.
What does this teach us? That offline data backups are a practical solution to safeguard businesses against ransomware attacks. Luckily, highly efficient and practical cloud-based backup solutions have been introduced in the market, which can help businesses adopt appropriate proactive measures to maintain data security.
Security Concerns Give Way to Opportunities
However, there are concerns with regards to cloud security, as well with data privacy and data confidentiality maintenance. For instance, apprehensions regarding access control, constant and efficient threat-monitoring, risk assessment, and maintenance of regulatory compliance inhibit the holistic implementation of cloud solutions.
But while these concerns act as impediments for companies, they also serve as opportunities for security vendors to step into the scene and develop richer and more effective solutions.
And, make no mistake, there is a definite need for better solutions. According to Verizon’s 2015 Data Breach Investigations Report, even after the Common Vulnerabilities and Exposures (CVE) was published, 99.9% of exploited vulnerabilities went on to be compromised for more than a year, despite the availability of patches.
Why? Despite IT security experts’ insistence on regularly monitoring and patching vulnerabilities in a timely manner, doing so has its challenges; patching involves taking systems offline, which, in turn, affects employee productivity and company revenue. Some organizations even fail to implement patching due to lack of qualified staff. Indeed, more than 83% of companies report experiencing patching challenges.
This is all to say, today’s dearth of effective patch and vulnerability management platforms provides opportunities for vendors to explore these fields and deliver cutting-edge solutions. And with IT security budgets healthier than ever, there’s a glimmer of hope that businesses will indeed invest in these solutions.
Let’s see what 2019 brings.
Read “Radware’s 2018 Web Application Security Report” to learn more.
Fabio is Technical Director EMEA-CALA, responsible for Systems Engineering in the theater. With a long experience, he began his career in software development for aerospace systems before getting into IT vendor ecosystem with Bay Networks/Nortel and Juniper Networks, up to being Technical Director EMEA for the Telecom, Cloud and Content businesses.
Fabio writes about technology strategy, trends and implementation.
*** This is a Security Bloggers Network syndicated blog from Radware Blog authored by Fabio Palozza. Read the original post at: https://blog.radware.com/security/2018/11/evolving-cyberthreats-its-time-to-enhance-your-it-security-mechanisms/