No company is safe from cyber attacks. According to the DBIR, victims of cyber crimes in 2012 came from a wide range of industries worldwide, regardless of company size. This could be tied to the motivations behind the attacks. For instance, retail and food industries were found to be attacked for financial gain, while the public sector and information industries faced espionage-related breaches.
Future of security landscape
While malware is still highly ranked as a common form of breach, it has seen a decline. The DBIR revealed that the number of malware cases decreased from 69 percent in 2011 to 40 percent in 2012. This could be attributed to hackers shifting to other forms of attack, such as Distributed Denial of Service (DDoS) attacks.
DDoS is projected to be the next big threat that organisations should look out for. Lum said that hackers are moving towards DDoS attacks because they disrupt a company's operations, which could potentially result in huge losses for companies that are dependent on the Internet.
Protecting your company
As prevention is better than cure, companies should take a proactive approach to protect themselves from cyber attacks or breaches. The following are some suggestions stated in the DBIR on how companies could do so:
- Ensure essential controls are met and regularly check that they remain so;
- Collect, analyse and share incident data to create a rich data source that can drive security program effectiveness;
- Without deemphasising prevention, focus on better and faster detection through a blend of people, processes, and technology; and
- Evaluate the threat landscape to prioritise a treatment strategy.
Lum added: "Instead of looking at just the trends, a better way of [formulating a good security strategy] is to establish your own incident tracking system. By collecting data and looking at what attacks are being targeted to your company, you can better identify threats, vulnerabilities and do an internal assessment."
When it comes to how often companies should review their security measures, Biyani advised companies to review them annually, whenever there is a major change in their infrastructure, or when any incidents are reported.