Wide Scale Distributed Denial of Service (DDoS) attacks were up 91% last year, according to BDO’s Cyber Threat Insights Report, and the best way to combat them is to adopt a more holistic cybersecurity model.
The report provides a detailed overview of the notable cyber incidents of 2017, and it makes seven recommendations for better cybersecurity in 2018. Adapting the cybersecurity model is one, and BDO also recommends allocating additional resources to interorganizational systems as recent developments in hybrid attack vectors prove that the outer security shell can no longer prioritize the inner security framework.
BDO also recommends creating an emergency back up system, which could allow organizations to operate for up to three months after a cyber attack, and segmenting networks for better security. According to the report, organizations should also try and minimize the time gap between the release and installation of security patches and ensure that employees are aware of new attack vectors. It’s final recommendation is to optimize monitoring, detection and response capabilities to combat cyber threats.
Unsurprisingly, the report identifies Petya/NotPetya, Wannacry and the NSA Leaks as some of the most significant attacks in 2017. It highlights Petya as being particularly significant, not just because of the widespread destruction it caused, but because it was the first time that type of vector had been applied in such a large-scale attack. BDO says there were many insights to take from Petya, including the observation that organizations struggle with making major changes to their systems in a short timeframe to mitigate such attacks, and that no security company can fully contain or stop a major cyber attack.
The report also highlights that while financial institutions and banks have been prime targets for cyber attacks in 2017, the increased use of cyber currencies, markets and wallets have opened up new avenues for hackers.
BDO blames the ‘EggShell’ Security Model, where organizations focus on the outer layer of security, the exploitation of supply chains and the increase of attack tools that can be quickly adopted by other countries, for the increase in cyber threats in 2017.