Over the past few weeks, cybersecurity seemed to steal the spotlight everywhere in world news. A major hotel chain saw a thousand hotels confirm a credit card breach, Microsoft released a major patch, Google fixed a phishing vulnerability within Chrome, and our old friends the Equation Group made the news at six and 11.
All of the events are different and had different impacts, but they all highlighted the fact that we live in a digital and physical world where anything connected to the Web can be hacked with just a single exploit.
Microsoft says most of the things are patched. Or can't be reproduced on newer platforms https://t.co/i7HF30lmCh
— Ryan Naraine (@ryanaraine) April 15, 2017
Typically, when cybersecurity news breaks, you will hear a lot of fear, uncertainty, and doubt about what the real risk was or is. Luckily, our Global Research and Analysis Team (GReAT) is constantly monitoring the threat landscape.
Last week, the group rolled out a new report entitled “Exploits: how great is the threat?”
The report is quite detailed and worth the read for corporate IT professionals or anyone interested in learning more about the landscape we’re now facing. However, for those of you with little time to spare, we’ve highlighted three points that we think IT teams should be aware of and be prepared for.
Three stats for IT
- The number of corporate users who encountered an exploit at least once increased 28.35% to reach 690,557, or 15.76% of the total number of users attacked with exploits.
- Browsers, Windows, Android, and Microsoft Office were the software exploited most often — 69.8% of users encountered an exploit for one of these applications at least once in 2016.
- Targeted attackers and campaigns reported on by Kaspersky Lab in the years 2010 to 2016 appear to have held, used, and reused more than 80 vulnerabilities. About two-thirds of the vulnerabilities tracked were used by more than one threat actor.
Among the top 10 exploited vulnerabilities in the report were ones in Windows OS, Flash, Java, and Microsoft Office. At this point, that should not be a surprise to anyone, but it should raise concerns for corporate teams in security, IT, and data protection.
So, what can you do? For starters, take the security of your organization seriously. Look for areas of weakness and educate yourself on ways to fix them, or bring in outside help to assist you. Also keep these five tips from GReAT in mind for your network.
- Educate your personnel on social engineering. Social engineering is often used to compel a victim to open a document or click on a link infected with an exploit.
- Use appropriate security solutions. In particular, you need a security solution equipped with specific exploit prevention mechanisms or at least behavior-based detection technologies.
- Stay up to date. Keep all of the software installed on your PCs up to date, and enable the auto-update feature if it is available.
- Employ patch management. If you are managing a network of PCs, use patch management solutions that allow for the centralized updating of software on all endpoints under your control.
- Choose software wisely. Whenever possible, choose a software vendor that demonstrates a responsible approach to vulnerability problems. Check if the software vendor has its own bug bounty program.
If you are looking for a new security solution or want to evaluate your options, try out our recently updated Kaspersky Endpoint Security for Business. The link will give you a 30-day free trial.