Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Partner Perspectives //

bitdefender

1/31/2017
11:00 AM
Razvan Muresan
Razvan Muresan
Partner Perspectives

Outsider Attacks Give Nightmares To CIOs, CEOs, CISOs

Three main threats companies aren't prepared to handle include outside attacks, data vulnerability and insider sabotage.



Outsider attacks, data vulnerability and insider sabotage are the main threats companies aren’t ready to handle, according to a Bitdefender survey of 250 IT decision makers at US companies with more than 1,000 PCs.

CIOs also know that cybercriminals can spend large amounts of time inside organizations without being detected; Advanced Persistent Threats (APTs) are often defined as threats designed to evade detection.

Accessing any type of data, whether stored in the private or public cloud, needs to be done via multiple authentication mechanisms, Bitdefender’s security specialists recommend. This should involve more than just usernames and passwords. For access to critical data, two-factor or biometric data offers additional control and authorization of qualified and accepted personnel. This is especially significant in organizations where access to critical and sensitive data is restricted, and only then under strict security protocols and advanced authentication mechanisms.

Image Source: Bitdefender
Image Source: Bitdefender

Insider sabotage is the third threat IT decision makers can’t yet handle
“To limit the risks of insider sabotage and user errors, companies must establish strong policies and protocols, and restrict the ways employees use equipment and infrastructure or privileges inside the company network,” recommends Bogdan Botezatu, Bitdefender’s senior e-threat specialist. “The IT department must create policies for proper usage of the equipment, and ensure they are implemented.”

In the past two years, companies witnessed a rise in security incidents and breaches, with a significant increase in documented APT type of attacks targeting top corporations or government entities (such as APT-28). This type of attack intends to exfiltrate sensitive data over a long period, or silently cripple industrial processes. In this context, concerns for security are rising to the top, with decisions taken at board level in most companies.

According to the Bitdefender survey of 250 IT decision makers at US companies with more than 1,000 PCs, IT decision makers, CISOs and CEOs are all concerned about security, not only because of the cost of a breach (unavailable resources and/or money lost), but also because their company’s reputation is at risk when customer data is lost or exposed to criminals. The more media coverage a security breach receives, the greater the complexity of the malware causing it. On top of this, migrating corporate information from traditional data centers to a cloud infrastructure has significantly increased companies’ attackable surface, bringing new threats and more worries regarding the safety of the data.

The demand for hybrid cloud, a mix of public cloud services and privately owned data centers, is estimated to be growing at a compound rate of 27% a year, outpacing overall IT market growth, according to researcher Markets and Markets. The company said it expects the hybrid cloud market to reach $85 billion in 2019, up from $25 billion in 2014. (Read the full white paper here.)

This survey was conducted in October 2016 by iSense Solutions for Bitdefender on 250 IT security purchase professionals (CIOs/CEOs/ CISOs – 26 percent, IT managers/directors – 56 percent, IT system administrators – 10 percent, IT support specialists – 5 percent, and others), from enterprises with 1,000+ PCs based in the United States of America.

Razvan, a security specialist at Bitdefender, is passionate about supporting SMEs in building communities and exchanging knowledge on entrepreneurship. A former business journalist, he enjoys taking innovative approaches to hot topics and believes that the massive amount of ... View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Oldest First  |  Newest First  |  Threaded View
iw_gray
50%
50%
iw_gray,
User Rank: Author
1/31/2017 | 2:48:41 PM
Excellent analysis of the threats to organizations
Excellent analysis. This is an issue that reaches beyond CIOs, CEOs and CISOs. The threat is heightened as other non-technical or non-senior leadership deparment heads are relying on intelligence to thwart outside attacks that put supply chain, physical security, or even executives in jeopardy. 
Data Privacy Protections for the Most Vulnerable -- Children
Dimitri Sirota, Founder & CEO of BigID,  10/17/2019
Sodinokibi Ransomware: Where Attackers' Money Goes
Kelly Sheridan, Staff Editor, Dark Reading,  10/15/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-18214
PUBLISHED: 2019-10-19
The Video_Converter app 0.1.0 for Nextcloud allows denial of service (CPU and memory consumption) via multiple concurrent conversions because many FFmpeg processes may be running at once. (The workload is not queued for serial execution.)
CVE-2019-18202
PUBLISHED: 2019-10-19
Information Disclosure is possible on WAGO Series PFC100 and PFC200 devices before FW12 due to improper access control. A remote attacker can check for the existence of paths and file names via crafted HTTP requests.
CVE-2019-18209
PUBLISHED: 2019-10-19
templates/pad.html in Etherpad-Lite 1.7.5 has XSS when the browser does not encode the path of the URL, as demonstrated by Internet Explorer.
CVE-2019-18198
PUBLISHED: 2019-10-18
In the Linux kernel before 5.3.4, a reference count usage error in the fib6_rule_suppress() function in the fib6 suppression feature of net/ipv6/fib6_rules.c, when handling the FIB_LOOKUP_NOREF flag, can be exploited by a local attacker to corrupt memory, aka CID-ca7a03c41753.
CVE-2019-18197
PUBLISHED: 2019-10-18
In xsltCopyText in transform.c in libxslt 1.1.33, a pointer variable isn't reset under certain circumstances. If the relevant memory area happened to be freed and reused in a certain way, a bounds check could fail and memory outside a buffer could be written to, or uninitialized data could be disclo...