There is no way to avoid the reality: cybercrime, or cyber espionage will hit. Attackers are employing methods to deliver malware and steal credentials, from old vectors like malvertising, to new ones like appliances connected to the Internet of Things.

Companies try to improve their security measures, but many of them are not aware of the biggest dangers.

The reality is that cybercrime will definitely hit. The attackers’ methods focus on credentials steal, using old vectors like malvertising, or new ones like connection to the Internet of Things.

Every specialist in security sphere decides on his own which threats are the most dangerous and which are of a least concern.

Malicious advertising

Jerome Segura, lead malware intelligence analyst at Malwarebytes, informs that malvertising became less dangerous. Now it has completely new goals.

Before, attackers preferred high-profile media sites, but now smaller brand names with a lot of traffic but less visibility are what they need.

Attackers mainly reckon on malicious ads to gain some money, but other goals are identity collection or malware installation for adding machine to a botnet afterwards. Contractors more often take no notice of malvertising than full-time workers who keep an eye on the websites. System patching and blockers are good steps to decrease the risk of malvertising.

IoT – Internet of Things

Jeremiah Grossman, chief of security strategy at SentinelOne says that IoT devices are usually under the radar. People often consider IoT to be small things like pretty accessories or connected appliances but in fact, they are also bigger things, e.g. systems of management for industrial processes.

64% of Americans prefer working at home, but they do not even think of their connected refrigerators to be the source of your data hacking. Many people do not protect their home networks appropriately. And exactly this fault is a major concern for the enterprises.

Grossman puts a question: if your refrigerator is on your network along with a laptop, do you properly protect them both? Unfortunately, people don’t think about influence of connected home appliances, baby monitors, and door locks over their security in general.

Besides, manufacturers don’t provide a long-term support, and technologies are at a great risk.

Segura notices that buying a new hardware is rather expensive, and logically, one can just discontinue a product after less than ten years using.

Lack of familiarity with encryption

Lack of encryption practices is a major problem of many businesses. Data encryption in transit is not enough to secure data comprehensively.

Hutchinson says that encryption is nothing if you do not have the security platform in place. All these weak points leave information at risk. Moreover, if many employees have encryption keys, it is the same as to be unlocked.

In-memory penetration

Grossman says that practically from 20- to 30% of infections are in-memory attacks. Everything is quite easy: the user launches malware from infected Word, Excel file or the browser on a malicious webpage.

He also adds that usually insiders are more aware of fileless threats, which are the main reason for degradation of AV systems performance. Signaturing binaries are the backbones of AV systems work. So, no binaries in memory – no signatures in it. The difficulty is that fileless attacks leave no trace on the disk.

Disabling macros on any endpoint can help enterprises to avoid in-memory attacks, as Grossman mentioned.

“Ill-intentioned maid” attacks

Many people increase the risk of attacks by bringing unencrypted corporate devices to such internet-enabled places as cafes, hotels, airports, home offices. Grossman places the emphasis on a big mistake to leave a laptop unsupervised in the place where one can make use of it.

You do not even notice such an attack, because your device is on its place, but malware is already installed on it. Such attackers go unnoticed because the device isn’t physically stolen.

Data mobilization

Businesses do not properly secure data on mobiles regardless the fact that number of people using mobile devices for their data storage is constantly growing. The increasing mobilization of data causes a real threat, actually.

Hutchinson emphasizes that the modern society are moving to a time when laptops are becoming obsolete. People mainly work from smartphones, tablets, but they are not intended for data storage like laptops are.

Moreover, many end-users do not think about security when handling over social information. They provide personal data by entering freebies or discounts, or giving their emails and usernames by answering to silly questions like “What country would you like to visit?”, etc. Have you ever think that these data can be in the public domain soon?

Employees of little education

Optiv’s Hutchinson says that security misunderstanding is a big problem of both businesses and society as a whole.

She also admits a fact that MBA student graduate without proper understanding of cybersecurity and then we wonder when one doesn’t understand its working principles. As a result, every user contacts the CISO for security but the CISO cannot help to avoid all attacks alone.

So, people should understand the awful consequences after being hacked, your personal life can be really ruined if you do not protect your personal information properly.
One more thing: everyone in the company must be trained, because lower-level employees are the main target of skilled hackers.