Prolific cyber-attacks against Sony capped off one of the biggest years on record for cyber security. Approximately 100Tb of data was compromised and up to $100-million in damages were inflicted during this headline-grabbing incident as the Trend Micro annual security roundup report, “The High Cost of Complacency”, analyses this and other notable activity throughout 2014. The year’s happenings reinforced that cybercriminals are relentless with ever-increasing levels of sophistication and tenacity.
“All in all, it’s a combination of identifying what’s most important, deploying the right technologies, and educating users,” says Gregory Anderson, country manager at Trend Micro South Africa. “It is everybody’s job – not just the job of IT professionals – to ensure that the company’s core data stays safe.”
Additional findings include confirmation of Trend Micro’s late 2013 prediction that one sizable data breach would occur every month – further solidifying the need for organisations to protect their networks and implement intrusion detection.
“The past year was unprecedented in terms of the size and scope of cyber-attacks as evidenced by the Sony situation. Unfortunately, this will most likely be a “sneak peek” of what is to come,” says Anderson.
Report highlights include:
* No threat is too small. It did not take a sophisticated piece of malware to cripple a target. Attackers are using a simple wiper to breach company’s defences with devastating effects.
* PoS RAM scrapers came close to becoming a mainstream threat in 2014, as several high-profile targets lost millions of customer data to attackers month after month.
* New attacks showed that no application was invulnerable in 2014 as attackers branched out into new territory.
* Online and mobile banking faced bigger security challenges and are proving that two-factor authentication was no longer enough to secure sensitive transactions.
* Ransomware became a bigger and more sophisticated threat across regions and segments. And unlike older variants no longer just issued empty threats but actually encrypt files.
