The Online Trust Alliance issued its tenth annual report on cyber incidents and breach readiness in late January 2018.
A key feature of the report is the amount of impact that ransom type attacks have had in 2017 both in direct malware and other elements like threatened denial of service events.
It summarizes that preparation and constant diligence are key in avoiding cyber threats.
The report indicates the following key avoidable causes for incidents:
"• Lack of a complete risk assessment, including internal, third-party and cloud-based systems and services
• Not promptly patching known / public vulnerabilities, and not having a way to process vulnerability reports
• Misconfigured devices / servers
• Unencrypted data and/or poor encryption key management and safeguarding
• Use of end of life (and thereby unsupported) devices, operating systems and applications
• Employee errors and accidental disclosures - lost data, files, drives, devices, computers, improper disposal • Failure to block malicious email • Users succumbing to Business Email Compromise & social exploits "
Detailed outline of the following 2017 trends guide IT players to address future needs:
The report is a call to action with some good concrete tools which can help organizations plan and implement their own strategies. While it primarily details the results of analyzing what has happened in the past year it offers good information to help IT professionals and other business managers to wrap their heads around what can be a confusing and sometimes depressing area of concern.
Given the constant stream of new threats, reports of major massive breaches of security in significant circumstances it is easy to become overwhelmed by the field and to just give up and hope. Of course this is the most dangerous strategy to take and the suggestions and tools supplied in the OTA report can help.
Unfortunately, as long as our dependence of data, online communication and cyber systems continues there are going to be players who attempt to game the field. Well thought out material such as this OTA report can help serious users to build their solutions and encourage continued efforts to manage their systems.
To review the report summary including extensive note links you can access it here.
While there is much to consider, a good first step is to read through the detail offered and think about how you can approach your systems reflecting on the trends identified.