Is it time for IT pros to panic? Spiceworks’ Peter Tsai cites 10 security stats that show the scope of worldwide cyber security threats — and yes, they’re pretty alarming.
Eighty per cent of organizations experienced a security incident in 2015, according to the latest Spiceworks security survey of IT professionals. The most common incident was malware, but organizations also had to deal with phishing attempts, DDoS attacks, password breaches and data leaks.
Last year alone, 430 million new malware variants were discovered and hundreds of millions of user accounts were hacked, causing hundreds of billions of dollars in damage. And then there’s the emergence of IoT malware — yet another concern to keep IT pros awake at night.
But Spicehead coreonetwelve says it’s not time to panic; rather, it’s “time to continue pushing best practices and ensuring that awareness of consequences is consistently communicated.”
That is, of course, easier said than done. The LinkedIn hack, for example, showed us that users still don’t know how to create strong passwords (or, perhaps more accurately, don’t care to); the most common passwords are still ‘123456’ and ‘password.’
“You shouldn’t even be allowed to create passwords like that,” says Spicehead Jesse Baker, aka JFEB. “People need to be herded into changes like this. Asking someone to use a secure password, you might as well be talking to the wind, ’cause it isn’t going to happen unless you force them to.”
But some, like Ian Macdonald, feel the problem needs to be tackled “at source” by fixing weaknesses in software. MerlinYoda agrees, saying that “of all the issues in the software development field, failure to write secure code is one of my biggest pet peeves.”
While the problem — and solution — may lie with both developers and users, Jeremy Wiles says the bad guys have always been one step ahead of the security guys.
“We are about to enter into a new age of warfare, an evolved ‘cold war’ if you will, where battles will not be fought with guns and bombs but instead with hacks, phishing, backdoors and drones,” he says. “It’s already started.”
And it’s happening on multiple fronts, with ransomware spreading rapidly and hitting businesses and consumers alike. Spicehead RasPiGuy says his organization was hit with ransomware and he’s looking for advice on how to find patient zero.
“We just got hit with some sort of crypto virus,” he says. “It quickly spread to our NAS. We are looking at the SIDs on the files but we keep seeing different users and groups.”
Spicehead Karen Wood recommends looking for the owner of the file: “Right click one of the infected files, go to properties and find out who the OWNER of that file is. Problem is, if everything is infected you’re sort of SOL.”
Others recommend checking user folders for encrypted files. But, as TRS-1980 points out, “looking at the file owners is not always reliable.” And Clayton Chatham argues this won’t work: “Crypto attacks all files that the person has access to, doesn’t matter if they’re the owner or not. I usually look for the person who modified the file last.”
If you have network monitoring on your switches, you can also see which user workstation is frantically opening and closing files, says D Zee. “Ransomware is working as fast as it can to encrypt, and its behavior is evident on network traffic monitors compared with typical user behavior.”
Or, you could use a low-tech solution to a high-tech problem: “Walk around the office and talk to people,” suggests Dan Kokkos. “Anything weird happen on your computer?”
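
The last-modifier and "frantically opening and closing files" suggestions above can be combined into one check over file-server audit records. The following is an added example, not code from the article or from Spiceworks: it flags any account and workstation pair that modifies several files across more than one folder within a short window, then reports the earliest such burst as the patient-zero candidate. The record format, the names and the thresholds are assumptions, and the sample log is constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample (hypothetical format): time,user,workstation,action,path
SAMPLE_LOG = """\
2016-05-03T09:00:05,alice,WS-014,write,/share/finance/q1.xlsx
2016-05-03T09:07:41,bob,WS-022,read,/share/hr/policy.docx
2016-05-03T09:12:00,carol,WS-031,write,/share/sales/leads.csv
2016-05-03T09:12:01,carol,WS-031,rename,/share/sales/leads.csv
2016-05-03T09:12:02,carol,WS-031,write,/share/sales/forecast.xlsx
2016-05-03T09:12:03,carol,WS-031,rename,/share/sales/forecast.xlsx
2016-05-03T09:12:05,carol,WS-031,write,/share/hr/policy.docx
2016-05-03T09:12:06,carol,WS-031,rename,/share/hr/policy.docx
2016-05-03T09:12:08,carol,WS-031,write,/share/finance/q1.xlsx
2016-05-03T09:30:10,alice,WS-014,write,/share/finance/q2.xlsx
"""

MODIFYING = {"write", "rename", "delete"}  # ownership is ignored on purpose

def find_bursts(log_text, window=timedelta(seconds=30), min_files=3, min_dirs=2):
    """Return [(burst_start, user, workstation)], earliest first, one per source."""
    recent = defaultdict(deque)  # (user, workstation) -> recent (time, path)
    bursts = {}
    for line in sorted(log_text.splitlines()):  # ISO timestamps sort by time
        if not line.strip():
            continue
        ts, user, host, action, path = line.split(",", 4)
        if action not in MODIFYING:
            continue
        when = datetime.fromisoformat(ts)
        q = recent[(user, host)]
        q.append((when, path))
        while when - q[0][0] > window:  # drop events older than the window
            q.popleft()
        files = {p for _, p in q}
        dirs = {p.rsplit("/", 1)[0] for p in files}
        if len(files) >= min_files and len(dirs) >= min_dirs:
            bursts.setdefault((user, host), q[0][0])  # keep first burst only
    return sorted((start, u, h) for (u, h), start in bursts.items())

def patient_zero(log_text):
    """Return (user, workstation) of the earliest burst, or None."""
    bursts = find_bursts(log_text)
    return bursts[0][1:] if bursts else None
```

On the sample, `patient_zero(SAMPLE_LOG)` returns `("carol", "WS-031")`. Treat the result as a lead to confirm on the workstation itself, since a shared account or skewed clocks can point at the wrong source.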