Visibility and control of distributed IT infrastructures fell in the first quarter of 2017, according to the "Global Threat Landscape Report" from security appliance provider Fortinet.
Meanwhile, the Global Threat Landscape Report also indicated the number of potential cyberattack vectors is growing, a trend that appears likely to continue in the foreseeable future.
The Global Threat Landscape Report highlighted three trends:
- Crime-as-a-service powers many cybercriminals. Today's cybercriminals are ready to launch attacks from any location, at any time and on any device, Fortinet indicated.
- Hyperconvergence and the Internet of Things (IoT) are accelerating the spread of malware. As more networks and users than ever before share information and resources, cyberattacks are spreading rapidly across distributed geographic areas and a variety of industries, Fortinet pointed out.
- Broad security policies and governance models are paramount. Organizations must understand how information technologies, services, controls and behaviors change over time to detect and address cyberattacks consistently, according to Fortinet.
Eighty percent of organizations reported high or critical-severity exploits against their systems in Q1 2017, the Global Threat Landscape Report revealed.
In addition, just under 10 percent of organizations detected activity associated with ransomware, the report indicated, and an average of 1.2 percent said they dealt with ransomware botnets running somewhere in their environment.
How to Combat Cyberattacks
To help organizations combat cyberattacks, Fortinet Senior Vice President of Products and Solutions John Maddison (pictured above) offered the following recommendations:
- Minimize your visible and accessible attack surface. Criminals are opportunistic in nature and tend to target low hanging fruit, Maddison noted. As such, it is critical for organizations to minimize their visible and accessible attack surface.
- Examine your network hygiene. "Identify, patch, update and replace vulnerable devices and systems on your network," Maddison stated. "Far too often, routine and complexity combine to allow overlooked systems that fall out of the patch cycle persist in your network. If you can't secure it, get rid of it. If you can't get rid of it, segment it and protect it."
- Update your security strategy. A security strategy must address an organization's network demands, Maddison noted. Therefore, an organization should build advanced malware defenses into a network's perimeter, across a network and into network endpoints.
Security awareness is insufficient for organizations that want to prevent cyberattacks, Fortinet Chief Information Security Officer Phil Quade said in a prepared statement.
Instead, today's organizations must adopt "trustworthy network segmentation and high degrees of automation to prevent and detect adversaries' efforts to target ... businesses and governments," Quade indicated.
