Story image

Report: APAC firms must drop risky apps and polish cyber hygiene

29 Aug 17

Asia Pacific has poor cybersecurity hygiene and likes to risk the use of dodgy applications, which means attackers are developing wormlike attacks on hot exploits at ‘record’ speed, according to Fortinet’s latest Threat Landscape Report.

In total, there were 184 billion total exploit detections, 2.9 billion botnet communication attempts and 62 million malware detections.

60% of organisations experienced exploits around vulnerabilities that were more than 10 years old and 90% reported exploits that were more than three years old.

Once a threat is automated, the report warns, attackers aren’t limited to targeting specific industries. With more power, the impact and attack leverage increases.

Automated threats are also prolific: 44% of all attempts occurred on weekends – twice the average daily volume than spotted on weekdays.

Automated or not, threats still get into systems. Organisations that allow proxy applications are subject to nine times more botnets and malware than those that don’t; while those that allow peer to peer applications report seven times more botnets and malware than those that don’t.

Fortinet suggests that because threats are automated, organisations should combat them with their own automated attack tools.

Vulnerabilities in IoT devices are still major threats: One in five organisations still report malware that targets mobile devices. According to Fortinet, IoT devices don’t have the same level of control, visibility and protection that traditional systems receive.

Fortinet’s CISO Phil Quade says that technology innovation creates opportunity for positive and negative outcomes.

 “Something we don’t talk about often enough is the opportunity everyone has to limit bad consequences by employing consistent and effective cybersecurity hygiene. Cybercriminals aren’t breaking into systems using new zero day attacks, they are primarily exploiting already discovered vulnerabilities,” he explains.

“This means they can spend more of their resources on technical innovations making their exploits difficult to detect. Newer worm-like capabilities spread infections at a rapid pace and can scale more easily across platforms or vectors. Intent-based security approaches that leverage the power of automation and integration are critical to combat this new ‘normal’.”

Web traffic encryption is also on the rise: The percentage of HTTPs traffic over HTTP jumped 57%, although this is not necessarily a good result. Threats are known to use encrypted communications for cover, and organisations that have poor visibility into encrypted communications are also being placed at risk.

Fortinet suggests that organisations take time to practice good cyber hygiene, which can include reconsidering risky applications; fast and responsive patching; visibility; and automated threat defence.

Disruption in the supply chain: Why IT resilience is a collective responsibility
"A truly resilient organisation will invest in building strong relationships while the sun shines so they can draw on goodwill when it rains."
The disaster recovery-as-a-service market is on the rise
As time progresses and advanced technologies are implemented, the demand for disaster recovery-as-a-service is also expected to increase.
Cohesity signs new reseller and cloud service provider in Australia
NEXION Networks has been appointed as an authorised reseller of Cohesity’s range of solutions for secondary data.
The key to financial institutions’ path to digital dominance
By 2020, about 1.7 megabytes a second of new information will be created for every human being on the planet.
Proofpoint launches feature to identify most targeted users
“One of the largest security industry misconceptions is that most cyberattacks target top executives and management.”
What disaster recovery will look like in 2019
“With nearly half of all businesses experiencing an unrecoverable data event in the last three years, current backup solutions are no longer fit for purpose."
NVIDIA sets records with their enterprise AI
The new MLPerf benchmark suite measures a wide range of deep learning workloads, aiming to serve as the industry’s first objective AI benchmark suite.
McAfee named Leader in Magic Quadrant an eighth time
The company has been once again named as a Leader in the Gartner Magic Quadrant for Security Information and Event Management.