CST | Industry & Security News

April 30, 2014

Reality versus hype - what is really happening?

The latest ISTR 2014 (Internet Security Threat Report) has just been released, detailing the state of internet security for the previous calendar year. Please let us know if you require a copy of the full report.

The latest ISTR 2014 (Internet Security Threat Report) provides a useful insight to trends, threats, risks and draws comparisons on the year before. Please find some key extracts and facts below:

Highlights from the 2014 Internet Security Threat Report

• 91% increase in targeted attacks campaigns in 2013

• 62% increase in the number of breaches in 2013

• Over 552 Million identities were exposed via breaches in 2013

• 23 zero-day vulnerabilities discovered

• 38% of mobile users have experienced mobile cybercrime in past 12 months

• Spam volume dropped to 66% of all email traffic

• 1 in 392 emails contain a phishing attacks

• Web-based attacks are up 23%

• 1 in 8 legitimate websites have a critical vulnerability

These are just a few of the many facts from the comprehensive reports, below are some of the suggestions the reports makes to defend against the risks, please email us at info@cstl.com for a copy of the full 2014 ISTR report.

Best Practice Guidelines for Businesses

1) Employ defence-in-depth strategies

Emphasize multiple, overlapping, and mutually supportive defensive systems to guard against single-point failures in any specific technology or protection method. This should include the deployment of regularly updated firewalls as well as gateway antivirus, intrusion detection or protection systems (IPS), website vulnerability with malware protection, and web security gateway solutions throughout the network.

2) Monitor for network incursion attempts, vulnerabilities, and brand abuse

Ensure you have a system to be notified of/and receive alerts for new vulnerabilities, and threats across vendor platforms for proactive remediation.
Track brand abuse via domain alerting and fictitious website reporting.

3) Antivirus on endpoints is not enough on endpoints

It is important to have the latest versions of antivirus software installed. Deploy and use a comprehensive endpoint security product that includes additional layers of protection including:

•	Endpoint intrusion prevention that protects unpatched vulnerabilities from being exploited, protects against social engineering attacks, and stops malware from reaching endpoints;
•	Browser protection for avoiding obfuscated web-based attacks;
•	File and web-based reputation solutions that provide a risk and- reputation rating of any application and website to prevent rapidly mutating and polymorphic malware;
•	Behavioural prevention capabilities that look at the behaviour of applications and prevent malware;
•	Application control settings that can prevent applications and browser plug-ins from downloading unauthorized malicious content;
•	Device control settings that prevent and limit the types of USB devices to be used.

4) Secure your websites against MITM attacks and malware infection

Avoid compromising your trusted relationship with your customers by:

•	Implementing Always On SSL (SSL protection on your website from logon to logoff);
•	Scanning your website daily for malware;
•	Setting the secure flag for all session cookies;
•	Regularly assessing your website for any vulnerabilities (in 2013 1 in 8 websites scanned by Symantec was found to have vulnerabilities);
•	Choosing SSL Certificates with Extended Validation to display the green browser address bar to website users;
•	Displaying recognized trust marks in highly visible locations on your website to show customers your commitment to their security.

5) Protect your private keys

Make sure to get your digital certificates from an established, trustworthy certificate authority that demonstrates excellent security practices. Symantec recommends that organizations:

•	Use separate Test Signing and Release Signing infrastructures;
•	Secure keys in secure, tamper-proof, cryptographic hardware devices;
•	Implement physical security to protect your assets from theft.

6) Use encryption to protect sensitive data.

Implement and enforce a security policy whereby any sensitive data is encrypted. Access to sensitive information should be restricted. This should include a Data Loss Protection (DLP) solution. Ensure that customer data is encrypted as well. This not only serves to prevent data breaches, but can also help mitigate the damage of potential data leaks from within an organization. Use Data Loss Prevention to help prevent data breaches: Implement a DLP solution that can discover where sensitive data resides, monitor its use, and protect it from loss. Data loss prevention should be implemented to monitor the flow of information as it leaves the organization over the network, and monitor traffic to external devices or websites.

•	DLP should be configured to identify and block suspicious copying or downloading of sensitive data;
•	DLP should also be used to identify confidential or sensitive data assets on network file systems and computers.

7) Ensure all devices allowed on company networks have adequate security protection

If a bring your own device (BYOD) policy is in place, ensure a minimal security profile is established for any devices that are allowed access to the network.

8)Implement a removable media policy

Where practical, restrict unauthorized devices such as external portable hard-drives and other removable media. Such devices can both introduce malware and facilitate intellectual property breaches, whether intentional or unintentional. If external media devices are permitted, automatically scan them for viruses upon connection to the network and use a DLP solution to monitor and restrict copying confidential data to unencrypted external storage devices.

9) Be aggressive in your updating and patching

Update, patch, and migrate from outdated and insecure browsers, applications, and browser plug-ins. Keep virus and intrusion prevention definitions at the latest available versions using vendors’ automatic update mechanisms. Most software vendors work diligently to patch exploited software vulnerabilities; however, such patches can only be effective if adopted in the field. Wherever possible, automate patch deployments to maintain protection against vulnerabilities across the organization.

10) Enforce an effective password policy

Ensure passwords are strong; at least 8-10 characters long and include a mixture of letters and numbers. Encourage users to avoid re-using the same passwords on multiple websites and sharing of passwords with others should be forbidden. Passwords should be changed regularly, at least every 90 days.

11) Ensure regular backups are available

Create and maintain regular backups of critical systems, as well as endpoints. In the event of a security or data emergency, backups should be easily accessible to minimize downtime of services and employee productivity.

12)Restrict email attachments, web downloads, and any other file ingress route to your network

Configure mail/web servers to block or remove that contains file attachments that are commonly used to spread viruses, such as .VBS, .BAT, .EXE, .PIF, and .SCR files. Enterprises should investigate policies for .PDFs that are allowed to be included as attachments. Ensure that mail sand web servers are adequately protected by security software and that email is thoroughly scanned.

13) Ensure that you have infection and incident response procedures in place

•	Keep your security vendor contact information handy, know who you will call, and what steps you will take if you have one or more infected systems;
•	Ensure that a backup-and-restore solution is in place in order to restore lost or compromised data in the event of successful attack or catastrophic data loss;
•	Make use of post-infection detection capabilities from web gateway, endpoint security solutions and firewalls to identify infected systems;
•	Isolate infected computers to prevent the risk of further infection within the organization, and restore using trusted backup media;
•	If network services are exploited by malicious code or some other threat, disable or block access to those services until a patch is applied.

14) Educate users on basic security protocols

•	Do not open attachments unless they are expected and come from a known and trusted source, and do not execute software that is downloaded from the Internet (if such actions are permitted) unless the download has been scanned for viruses;
•	Be cautious when clicking on URLs in emails or social media programs, even when coming from trusted sources and friends;
•	Deploy web browser URL reputation plug-in solutions that display the reputation of websites from searches;
•	Only download software (if allowed) from corporate shares or directly from the vendor website;
•	If Windows users see a warning indicating that they are “infected” after clicking on a URL or using a search engine (fake antivirus infections), educate users to close or quit the browser using Alt-F4, CTRL+W or the task manager.

Want to have a copy of the full report, please email us info@cstl.com with the subject line “ISTR 2014”

Did you know CSTL provide cyber security visibility assessments and workshops, these are ideal if you want to measure your defences or work through a set of improvement actions, more information available at CST Cyber Resilience assessment or alternatively call us 0207 621 7836.