European businesses must be more vigilant in taking steps to prevent cybercrime from disrupting their essential operations, warns an IT product company. In its 2017 Threat Predictions report the Fujitsu Security Operations Centre identifies ten security risks to enterprises. These include failing to keep up with basic IT security processes. Further high risks are attacks on banking applications and smart cities.
Based on intelligence in monitoring ongoing security threats, Fujitsu says it has identified that the most significant cyber threat – the failure to keep up with basic IT security processes – is also the easiest to remedy. The company’s security researchers believe that lax security will continue to lead to easily avoidable breaches, noting: “An amazing number of businesses don’t carry out the simple – yet vital – housekeeping tasks that cut down on risks.”
According to the report, immediate measures that all businesses can take to better protect themselves include more effective vulnerability patching, and ensuring that only current users have access to critical systems. Many organisations it says are too generous when it comes to system access privileges for regular users. Hence, companies are “needlessly vulnerable to data loss, data theft or external disruption of their systems”.
One particular weakness identified relates to encrypted channels that provide external access to the heart of critical computing systems. These are designed to give remote workers easier access to networks, but when taken over by a cybercriminal, can mean that nefarious activities are largely undetectable. This is due to what the IT firm describes as “a blind spot, with attacks over encrypted channels being missed due to the lack of SSL inspection capabilities”.
Companies should also be more vigilant in managing banking applications, another favourite for criminals. Fujitsu predicts that 2017 will see more attacks to banking payment systems, and expects further growth in banking Trojans targeting older, more vulnerable back office applications. Although international banking networks are moving to establish mandatory controls, the report states that it “still presents a window of opportunity for cybercriminals”.
Smart cities will also find themselves targeted – with the report commenting that “many of the protocols designed for smart connected devices have their own potential flaws and vulnerabilities”. Implications could include allowing hackers to disable smart lighting grids in entire cities, Fujitsu warns.
The use of Artificial Intelligence (AI) and machine learning will become game changers in enterprise security, it’s claimed. AI can identify anomalies, for example in web traffic patterns. Such early warning systems allow what the IT firm calls a proactive approach to risk mitigation, aiming to eliminate threats before they become problems. However, the report cautions that cyber-criminals will also be turning to these technologies to launch previously unseen types of attack.
Rob Norris, VP and Head of Enterprise Cybersecurity, EMEIA, Fujitsu, says: “Every move to tightening up cybersecurity means an exponential decrease in vulnerability. Many organisations have not yet fully realised that when you depend on computing to run your business, then being offline essentially means being out of business. It’s not only financial risk but also the cost of damage to your reputation from data loss and theft. Our new report highlights some easy steps that any organisation can take to ensure they are not needlessly exposed to data loss, data theft or external disruption of their systems.”
The full 11-page Threat Predictions Report is available here: http://www.fujitsu.com/uk/Images/FUJ_SOC_Predictions_Report.pdf.
Fujitsu blog: http://blog.uk.fujitsu.com/.
