Black Hat 2017 attendees describe how cybercrime continues unabated while enterprises’ defences remain ill-prepared
Lastline, Inc, the provider of advanced malware protection, released results of a survey that underscores how cybercrime continues to plague organisations. The survey of 134 Black Hat USA 2017 attendees found that nearly 55% of respondents have suffered a cyberattackwithin their respective organisations, with 20% being hit with ransomware. While human error is a contributing factor behind these attacks, the survey also found scarce resources to help security teams respond, and a lack of best practices being implemented to prevent future attacks.
Results of the survey include:
Human error continues to be a key cause of cyberattacks
84% of respondents whose company has suffered a cyberattack attribute it, at least in part, to human error, likely exacerbated by understaffed security teams and a flood of alerts and false positives. 43% say technology detected the attack but the security team took no action, while another 41% attributed the attack to a combination of technology and human error.
Ransomware is on the rise, but not necessarily effective
One in five organisations has been victimised by ransomware. Of those hit, just 8% actually paid the ransom while nearly two-thirds refused.
Information resources to understand and mitigate attacks are scarce
42% of respondents have no helpful source about the specific attack and are left to figure it out themselves. 52% seek online information from security experts and vendors, and another 19% rely on peers.
Organisations are playing roulette with infected computers
Only 28% of respondents follow best practices and erase and rebuild a computer’s software after a potential malware attack. 70% either manually erase (46%) or rely on AV tools to identify and clean the malware (24%), often resulting in the malware staying in place on the infected machine to continue its attack.
Cybercrime: risk versus reward
Despite the recent rise in ransomware, just one percent believes it is the most profitable crime with the lowest risk of getting caught. That distinction goes to cyber espionage (43%) followed by enterprise financial fraud/embezzlement (31%), and identity theft and online banking fraud (25%).
The case for pre-emptive hacking
When questioned whether black hat hackers should be hired to test security systems, six out of 10 respondents were open to the idea, suggesting a willingness to try every possible resource to secure effective security. Only 43% responded with a definite “no.”
“The threat of a cyberattack is something that organisations have to deal with on a daily basis,” said Christopher Kruegel, CEO, Lastline. “This survey highlights the need to adopt best practices and equip security teams with better tools to eliminate false positives and provide crucial information to help them prioritise and address those events that present the highest potential risk.”
Lastline’s family of products is widely acknowledged as the industry’s most effective advanced malware detection and breach protection solutions. NSS Labs’ 2016 Breach Detection Systems Test recognised Lastline as the only breach detection offering they have ever tested to achieve 100% detection effectiveness with zero false positives. And The Forrester Wave™: Automated Malware Analysis Q2 Report identifies Lastline as the strongest current offering on the market.
Comment on this article below or via Twitter @IoTGN