Sage Advice - Cybersecurity Blog

The cyberthreat environment changes every day. New malware is developed, new social engineering tactics are deployed, and fraud is seemingly lurking around every corner. Because of the cybersecurity risk that these threats pose, we are all responsible for doing our part to keep information secure at home and at work.

Hackers are constantly developing new ways to infect systems globally. As threat detection services and security teams catch on to their tactics, they continue to build and deploy new malware to feed their personal wallets. We are seeing more malware than ever, and this cycle will only get worse. Let’s review the predicted threat environment for 2020.

The popular tax preparation software TurboTax recently announced that an unauthorized party had accessed an undisclosed number of its clients’ accounts. But it wasn’t because they had suffered a data breach. Instead they were victims of a credential stuffing attack – a cyberattack that continues to gain popularity. 

If you’ve been the victim of identity theft, you’re not alone. In the past five years, we’ve seen healthcare data breaches grow in both size and frequency, with the largest breaches impacting as many as 80 million people. One in four US consumers had their healthcare data stolen in 2017, and 50% of breaches resulted in medical identity theft. Victims paid an average of $2,500 out-of-pocket costs per incident (Accenture).

If we look back at some of the recent cybersecurity headlines, it’s clear to see that it’s been a year full of ransomware and cover-ups. We saw a significant uptick in the maturity and sophistication of attacks. Not only was more data stolen than ever before, the biggest hacks we’ve ever experienced occurred. It short, it was a banner year for hackers.  

When threat hunting, you must first understand the adversaries you’re facing. While their techniques may be very similar, what motivates them can be very different. Understanding these motivations can provide you with a better understanding of where and when a cyber attacker may strike or when an unwitting accomplice takes measures that present undue risk to the organization.

As the number of successful cyber-attacks continues to soar, it's time to take a proactive stance to detect them. You can’t simply sit back and wait for an automated alert to let you know you’ve been breached. You need to actively seek out potentially malicious behavior on your network. Hunting down indicators of attack, so you can detect and contain an incident as quickly as possible.

News that a fundamental security flaw impacting nearly every computer chip manufactured in last 20 years began spreading in the early days of 2018. Two variants – named Spectre and Meltdown – were identified. While their mechanisms are slightly different, both variants exploit a chipset hardware vulnerability allowing rogue programs to read protected memory. That means that attackers can obtain secret information from memory – previously considered completely protected – including passwords and encryption keys.

Information security professionals can hardly be blamed if they’re ambivalent about digital disruption and digital transformation. On one hand, they’re getting traction with disruptive security technologies, whose automated, real-time capabilities help transform the security function. On the other, they’re facing mounting cybersecurity challenges as their organizations leverage IoT, AI, social tools, and mobility to become more efficient, effective, and engaging, said Don Anderson, a presenter at Tyler’s 2017 CyberCrime Symposium.

In 2012, when Sean Sweeney became CISO for a large university, info-security strategies focused on preventing breaches. At that time, “CISO stood for ‘chief information scapegoat officer,’” said Sweeney, a presenter at Tyler’s 2017 CyberCrime Symposium.  “It was my job to prevent every possible attack against the university 24x7x365. That’s an unwinnable job, right?”