Symantec Outs Annual Cyber Threat Report, States Way To Avoid Cybercrimes
Peter Sparkes, Senior Director, Cyber Security Services, Asia Pacific & Japan, Symantec |
Data showed that there's an alarming increase in targeted attacks aim toward politically motivated sabotage and subversion. It includes multi-million dollar virtual bank heists and overt attempts to disrupt the U.S. electoral process by state-sponsored groups.
“New sophistication and innovation are the nature of the threat landscape, but this year Symantec has identified seismic shifts in motivation and focus,” said Peter Sparkes, Senior Director, Cyber Security Services, Asia Pacific & Japan, Symantec. “The world saw specific nation states double down on political manipulation and straight sabotage. Meanwhile, cyber criminals caused unprecedented levels of disruption by focusing their exploits on relatively simple IT tools and cloud services.”
“This was an incredibly audacious hack as well as the first time we observed strong indications of nation state involvement in financial cyber crime,” said Peter Sparkes, Senior Director, Cyber Security Services, Asia Pacific & Japan, Symantec. “While their sights were set even higher, the attackers stole at least US$94 million.”
According to Symantec, here are some of the best practices on how to stay safe from cybercriminals:
- Don’t get caught flat-footed: Use advanced threat intelligence solutions to help you find indicators of compromise and respond faster to incidents.
- Prepare for the worst: Incident management ensures your security framework is optimized, measureable and repeatable, and that lessons learned improve your security posture. Consider adding a retainer with a third-party expert to help manage crises.
- Implement a multi-layered defense: Implement a multi-layered defense strategy that addresses attack vectors at the gateway, mail server and endpoint. This also should include two-factor authentication, intrusion detection or protection systems (IPS), website vulnerability malware protection, and web security gateway solutions throughout the network.
- Provide ongoing training about malicious email: Educate employees on the dangers posed by spear-phishing emails and other malicious email attacks, including where to internally report such attempts.
- Monitor your resources – Make sure to monitor your resources and networks for abnormal and suspicious behavior, and correlate it with threat intelligence from experts.
- Change the default passwords on your devices and services: Use strong and unique passwords for computers, IoT devices and Wi-Fi networks. Don’t use common or easily guessable passwords such as “123456” or “password”.
- Keep your operating system and software up to date: Software updates will frequently include patches for newly discovered security vulnerabilities that could be exploited by attackers.
- Be extra careful on email: Email is one of the top infection methods. Delete any suspicious-looking email you receive, especially if they contain links and/or attachments. Be extremely wary of any Microsoft Office email attachment that advises you to enable macros to view its content.
- Back up your files: Backing up your data is the single most effective way of combating a ransomware infection. Attackers can have leverage over their victims by encrypting their files and leaving them inaccessible. If you have backup copies, you can restore your files once the infection has been cleaned up.
Post a Comment