InfoSec 2019 Highlights
1. Industry gaps and challenges
Perhaps our most significant takeaway from Infosec was a deeper understanding of the needs in the cybersecurity industry – people’s current concerns are primarily focused around Insider Threats, Incident Response, and the Dark Web as a platform to gain access to Enterprises, as well as corporate espionage.
Some statistics to take away:
- “Nearly 100% of data breaches start with stolen credentials” (Entrust)
- “Email is the primary delivery mechanism for data loss and malware – 65% of targeted attacks use spear-phishing campaigns from Office 365.” (Symantec)
Organisations are not taking enough measures to mitigate risk…
Although security awareness training is on the rise, there are still critical gaps in cybersecurity training that leave companies vulnerable to infiltration.
- “70% of organisations with security awareness training have had an incident caused by employee security behavior.”
- “96% of social attacks, from phishing to tail-gating, are not reported by employees, impeding detection.”
- “22% of employees on average still click on phishing emails within organisations that believe they have a good security culture.”
The statistics demonstrate that there is always room for improvement when it comes to security awareness training. The industry needs to improve not only on how to prevent a breach from happening, but also on how to deal with the aftermath and consequences that follow.
2. Human Error, the Ultimate Pitfall
In the realm of cybersecurity, the ultimate pitfall of any organisation is human error – irrespective of how impenetrable their security may seem. As such, any gaps in training and education are detrimental to the cybersecurity of any given enterprise. Countless firms were drawing attention to this crucial yet often overlooked aspect of cybersecurity, and the theme dominated Infosec 2019.
“Defense against social engineering techniques needs to be built around stringent frameworks for gaining and maintaining trust in your colleagues, customers, and all third parties you work with.” (DocsCorp)
3. Maersk: The Largest Known Cyberattack
A particularly informative keynote speech at Infosec was given by Adam Banks, Chief Technology and Information Officer at Maersk. Adam reflected on the most devastating cyberattack known to date – NotPetya, 2017.
The malware attacked all types of businesses, from shipping ports to law firms. NotPetya infected corporate networks by gaining administrator-level access to unprotected machines, from which it was able to propagate to other vulnerable systems.
Adam Banks shared his personal experiences of crisis management and the subsequent policies which Maersk has kept in place to this day, underlining the key measures other organisations should implement so as not to be susceptible to such attacks.
4. Cybersecurity Back on the Front Foot?
2018 reports indicate a sizeable drop in malware and ransomware levels – however, the experts at Infosec are adamant we cannot let these statistics lead to complacency.
So, how safe are we really?
- Cybercrime is projected to cost organisations and businesses as much as $6 trillion annually by 2021, according to the 2019 ACR from Cybersecurity Ventures.
- 1 in every 302 emails received by public administration users is malicious, according to Symantec’s ISTR 2019 report.
- In January 2019, a staggering 1.76 billion records were leaked.
Evidently, the severity and frequency of cyber attacks are staggering, and the cybersecurity industry cannot afford to let its guard down on the strength of other statistics, no matter how optimistic they may seem.