European businesses must be more vigilant in taking steps to prevent cybercrime from disrupting their essential operations, warns Fujitsu. In its 2017 Threat Predictions report¹, published today, the Fujitsu Security Operations Centre² identifies 10 of the greatest security risks to enterprises. These include failing to keep up with basic IT security processes. Further high risks are attacks on banking applications and smart cities.
Based on real-world intelligence in monitoring ongoing security threats, Fujitsu has identified that the most significant cyber threat – the failure to keep up with basic IT security processes – is also the easiest to remedy. Fujitsu security researchers believe that lax security will continue to lead to easily avoidable breaches, noting: “An amazing number of businesses don’t carry out the simple – yet vital – housekeeping tasks that cut down on risks.”
According to the report, immediate measures that all businesses can take to better protect themselves include more effective vulnerability patching, and ensuring that only current users have access to critical systems. What’s more, many organisations are too generous when it comes to system access privileges for regular users. As a consequence, Fujitsu says that companies are “needlessly vulnerable to data loss, data theft or external disruption of their systems”.
One particular weakness identified by the Fujitsu security experts relates to encrypted channels that provide external access to the heart of critical computing systems. These are designed to give remote workers easier access to networks, but when taken over by a cybercriminal, can mean that nefarious activities are largely undetectable. This is due to what Fujitsu describes as “a blind spot, with attacks over encrypted channels being missed due to the lack of SSL inspection capabilities”.
Companies should also be more vigilant in managing banking applications, another hot favourite for criminals. Fujitsu predicts that 2017 will see more attacks to banking payment systems, and expects further growth in banking Trojans targeting older, more vulnerable back office applications. Although international banking networks are moving to establish mandatory controls, Fujitsu states that it “still presents a window of opportunity for cybercriminals”.
Smart cities will also find themselves targeted – with Fujitsu security experts commenting that “many of the protocols designed for smart connected devices have their own potential flaws and vulnerabilities”. Implications could include allowing hackers to disable smart lighting grids in entire cities, Fujitsu warns.
The state-of-the-art Fujitsu Security Operations Centre (SOC) – which protects customers by detecting, analysing and neutralising threats – also foresees that the increased use of Artificial Intelligence (AI) and machine learning capabilities will become game changers in enterprise security. AI can immediately identify anomalies, for example in web traffic patterns. Such early warning systems allow security professionals to take a proactive approach to risk mitigation, aiming to eliminate threats before they become problems. However, the report cautions that cybercriminals will also be turning to these technologies to launch previously unseen types of attack.
Rob Norris, VP and Head of Enterprise Cybersecurity, EMEIA, Fujitsu, comments: “Every move to tightening up cybersecurity means an exponential decrease in vulnerability. Many organisations have not yet fully realised that when you depend on computing to run your business, then being offline essentially means being out of business. It’s not only financial risk but also the cost of damage to your reputation from data loss and theft. Our new report highlights some easy steps that any organisation can take to ensure they are not needlessly exposed to data loss, data theft or external disruption of their systems.”