How to: the CIO’s guide to fending off anticipated cyber attacks

The end of last year signalled a stream of stark warnings from cyber security experts stating that 2017 will experience an upsurge of DDoS, IoT and ransomware attacks, exceeding by far the record in 2016.

It was a year that saw some of the most well-established and well-known companies become the target and victims of significant cyber criminal attacks. Indeed over the course of 2016 there were a staggering 1.6 billion data breaches.

Last year also witnessed some of the largest DDoS attacks on record, with attacks topping 1 Tbps – and these are only set to rise.

The largest attacks on record in 2015 were in the 600 Gbps range. Now only two years down the road, expect to see DDoS attacks grow in size which provides further encouragement for tailoring solutions to protect and mitigate against these grand scale attacks which have been occurring throughout the year.

Businesses can only expect to see more relentless and hard hitting attacks in 2017, so precautions must be taken.

>See also: The changing role of the CIO and boardroom in 2017

The Dyn attack which made major internet platforms and services unavailable to large swathes of users in Europe and North America can be considered the most notorious attack of 2016.

The reality is that public and private organisations need to brace theirselves for an even higher magnitude of cyber attacks in 2017, hence the need for changes in attitude towards cyber security.

Ransomware is a category of attack which increased a lot in 2016 and this type of cybercrime will develop throughout this year into more sophisticated types of extortion that add social engineering to the mix.

Also troublingly DDoS of Things (DoT) will also emerge as an attack method which means CIOs and security teams need to really tighten up our security protocols.

Other developments that are posing a substantial threat are the proliferation of internet connected devices which are often not protected by the enterprise’s security procedures.

Both IOT and BYOD as developing trends are both posing headaches to the CIO who is under pressure to protect the organisation from both internal and external threats.

The continued use of connected devices and the dangers they bring about will continue to confound many IT security professionals and help threat actors propagate their malicious activity at greater scale.

By abstracting the devices and the malware they create, we dig into the root of the problem: the outcome, which, in this case, is a colossal DDoS attack.

>See also: Four ways CIOs have to take charge of digital transformation

As the DoT continues to reach critical mass, device manufactures must change their behaviour to help curb it. They must scrap default passwords and either assign unique credentials to each device or apply modern password configuration techniques for the end user during setup.

Although both organisations and individuals are not helpless bystanders in the fight against the attacking forces. Proper training on security alongside accountability will help the CIO in maintaining defence against the cyber attacks.

Two of the fundamental issues that allow these breaches to take place are the fact that businesses are unwilling to spend out on necessary security and prioritise and that there is a lack of education amongst the public when it comes to cyber security.

Effective cyber defence requires paying attention to the technologies that are available and using them in the way they are supposed to be used.

Companies that take this approach will construct effective barriers meaning hackers will go elsewhere and find an easier target to attack. So what are some of the most pertinent threats in 2017 and what can be done to protect organisations and individuals?

New European laws coming into force this year, which will call upon big companies to adopt risk management practices and report major security incidents, should encourage businesses to feel more inclined to consider security precautions as a priority.

But crucially, by giving cyber security the attention it deserves and investing in well-managed security controls, damage control won’t be necessary.

Organisations also have a responsibility to invest in well-managed security tools, which have controls designed to prevent, detect, contain and remediate data breaches.

>See also: The CIO and how to accelerate practical change in the boardroom

Furthermore, organisations should take care to share simple safeguarding techniques amongst employees and make sure that they are educated around the type of attacks to expect, but ultimately protection systems need to be put in place to keep hackers out.

As employees are an organisation’s greatest tools, the way they contribute to securing the company should also be well-managed.

CIO’s and CISO’s should make it a their number one objective to ensure staff have the knowledge, tools and ability to keep themselves and the organisation safe from the myriad of threats that are looking to jump over low barriers or get through chinks in the security armour.

With organisations and individuals facing so many threats now including IoT, DDoS, BYOD and ransomware it is clear that we all need to be more aware of the ever increasing amount of dangers.

In order to protect our individual data and to keep organisation’s safe and secure it should be a priority to become more personally aware and to invest more in all aspects of security.

Employers and employees should all be accountable and vigilant, ensuring that a cyber attack doesn’t affect the organisation they work for.

The damage from successful cyber attacks can be quite significant and create a lasting mistrust amongst consumers that can damage the bottom-line.

 
Sourced by Mike Hemes, regional director, western Europe, A10 Networks

Avatar photo

Nick Ismail

Nick Ismail is a former editor for Information Age (from 2018 to 2022) before moving on to become Global Head of Brand Journalism at HCLTech. He has a particular interest in smart technologies, AI and...