The Ivanti Threat Thursday Update for August 24, 2017: Fewer Attacks, But More Losses?
Greetings. In this edition: the latest threat intelligence from IBM Security, plus a slew of new cybersecurity laws in Texas. Please feel free to share any opinions, reactions, suggestions, or tips you deem relevant. Thanks in advance.
IBM Finds Fewer Attacks – But More Records Lost
IBM Security has released the IBM X-Force Threat Intelligence Index 2017. Its findings are based on “insights from nearly 300 million monitored endpoints, 23 billion analyzed web pages and 1 trillion monitored security events a month,” according to IBM. Some of those findings, as reported by Enterprise Times:
- “Over 4 billion records were leaked in 2016 which is more than 2014 and 2015 combined.” This despite the fact that “IBM customers monitored by X-Force actually saw a drop in the number of attacks compared to 2015.”
- “[S] pam has continued to grow. In 2016 it was up more than four times the previous year. More than 44% of those emails containing malicious attachments. 85% of those attachments were ransomware which has earned criminals significant sums of money.”
- The top five targeted industry sectors: Financial Services, Information and Communications, Manufacturing, Retail, and Healthcare.
- “In both financial services and healthcare the insider threat is greater than the external threat. Interestingly in both cases the inadvertent actor [an insider victimized by phishing or social engineering] is the biggest risk. In financial services over 50% of attacks are down to the inadvertent actor. In healthcare it is around 46%. For the other three most attacked industry sectors the external threat represents over 90% of the attacks that they face.”
What We Say: A reduction in the number of attacks by no means indicates a lessening of threats to your enterprise. To maximize protection and minimize disruption of its operations, your enterprise’s cybersecurity measures must be multi-layered, comprehensive, and proactive. This becomes more critical as threats and attack vectors continue to evolve and multiply. Whatever industry your enterprise is in, it must be able to identify, isolate, neutralize, and remediate threats, reduce vulnerabilities, and protect personal, private, and critical business information. To accomplish these goals, you must combine modern, effective technologies with active, repeated user engagement. (See “Infected by Ransomware—Now What?” and “User Education for Cybersecurity: Yes, It’s Worth It.”)
Texas Goes Big in Cybersecurity
Texas has passed several new and revised laws related to cybersecurity. Most of them are due to take effect as of September 1. Based on an analysis by Greenberg Traurig, LLP and published by Lexology, with this new raft of laws, Texas “has taken a leadership role [among U.S. states] in addressing various cybersecurity and data privacy issues.”
- “The Texas Cybersecurity Act establishes certain cybersecurity requirements for all state agencies in Texas, adds cybersecurity as an element of the [state agency] sunset review process, creates a cybersecurity council, and requires that certain agencies conduct studies and reports related to cybersecurity threats and responses.”
- The new law requires the state’s Department of Information Resources (DIR) to “develop and implement a plan to address cybersecurity risks and incidents in the state.” The DIR must also “provide mandatory guidelines to state agencies regarding the continuing education requirements for cybersecurity training to be completed by all information resources employees.”
- All state agencies must now “conduct an information security assessment of the agency's network systems, data storage systems, data security measures, and information resources vulnerabilities at least once every two years,” and report the results to the DIR. Each agency also “shall submit a biennial data security plan to the DIR and conduct a vulnerability and penetration test of the agency's website and any mobile applications that process any personally identifiable or confidential information.” The new Act also “expands the categories of information that, if compromised, would trigger an agency’s duty to notify affected individuals,” and requires state agencies to report actual or suspected security breaches to the DIR.
- “Institutions of higher education must adopt and implement a policy for websites or mobile applications operated by the institution to ensure that the privacy of individuals is protected and the confidentiality of information processed by the websites or applications is preserved.”
What We Say: Legislation alone cannot guarantee better cybersecurity. However, legislation can help to codify and standardize more effective cybersecurity practices. By mandating and investing in cybersecurity, government agencies can also create a “ripple effect” that encourages other entities in those agencies’ value chains to improve their cybersecurity as well. All enterprises should encourage their local, regional, and national legislators to address protection of their constituents from cybersecurity threats, participate in those efforts wherever appropriate, and share lessons learned with their government agency counterparts. (See “Your Threats Are Evolving. Are Your Defenses?” and “Government: Deliver an Excellent User Experience without Compromising Security or Compliance.”)
Ivanti: Your Cybersecurity, Evolved
Attacks and threats are growing and changing nearly constantly. Your enterprise needs cybersecurity technologies that can respond effectively to all of them. Ivanti has the solutions and expertise you need to do so, today and tomorrow.
And through September, you can get select combinations of Ivanti cybersecurity offerings at discounts of up to 30 percent. Check out the offer details. Explore our solutions for control of user applications, devices, and admin rights, and for defending against and remediating malware attacks. Then, contact Ivanti, and let us help to improve cybersecurity at your enterprise. (If you work for a state or local government agency, we’ve got help for you, too.) And of course, please keep reading our Patch Tuesday and Threat Thursday updates.