20 May, 2024

Don’t let your security guard down

24 March, 2022

With the current global situation and greater risk of malicious actors posing a threat to companies’ data and internet security, it is sobering news that web malware (47%) and ransomware (42%) now top the list of security threats that organisations are most concerned about. This is according to the latest survey by Menlo Security – for which Sapio Research questioned 505 IT decision makers across the UK and US including CIOs and CISOs during February. Yet despite the growing risks, less than a third (27%) have advanced threat protection in place on every endpoint device that can access corporate applications and resources. The Menlo research, ‘The state of threat prevention: evasive threats take center stage’, explores what steps organisations are taking to secure themselves in the wake of a new class of cyber threats – known as Highly Evasive Adaptive Threats (HEAT).

As employees spend more time working in the browser and accessing cloud-based applications, the risk of HEAT attacks increases, explains the report. Almost two-thirds of organisations have had a device compromised by a browser-based attack in the last 12 months. The report suggests that organisations are not being proactive enough in mitigating the risk of these threats, with 45% failing to add strength to their network security stack over the past year. There are also conflicting views on the most effective place to deploy security to prevent advanced threats, with 43% citing the network, and 37% the cloud.

Mark Guntrip, senior director of cybersecurity strategy at Menlo Security, comments that threat actors seek to exploit gaps in traditional security defences and the fact that security capabilities haven’t really changed over the past decade. He explains that one of the areas of focus for attackers is using web threats and more and more of them are being successfully deployed using HEAT techniques. “Last year, we saw Nobelium use HTML smuggling, a HEAT tactic to avoid static and dynamic content analysis, to deliver malware and ransomware attacks,” he points out. “The fact that these are successful means their usage will increase, which could have devastating consequences for companies of all sizes.”

Guntrip reflects that working practices have changed and companies must stop relying on traditional tools and strategies that just don’t cut it anymore. “Adopting a prevention-driven approach to security is the only way to achieve this and using isolation-powered security to do so stops the browser from having any direct interaction with the website and content and ensures that HEAT attacks don’t stand a chance,” he remarks.

According to the research among 500+ IT decision makers in the UK and US, hybrid/remote working (28%) is the biggest challenge organisations expect to face this year when it comes to protecting their corporate network from advanced threats. This is followed by budget restrictions (15%), the presence of unmanaged devices (14%), and outdated security solutions (13%). There are also a number of competing priorities for IT professionals when it comes to improving their security posture in 2022. Training staff tops the list (61%), followed by technology investment to protect the corporate network (60%), adapting to new ways of working (50%), and investing in skilled security members at 45%.

Buyers' Guide Search
Search for UK supplier by name
Browse by Product Group.
APRIL/MAY 2024To view a digital copy of the APRIL/MAY 2024 edition of Hydraulics & Pneumatics Magazine, click here.

For a FREE subscription please click here

To visit the Library for past issues click here

MARCH 2024 IssueTo view a digital copy of the MARCH 2024 edition of Hydraulics & Pneumatics Magazine, click here.

For a FREE subscription please click here

To visit the Library for past issues click here

JULY/AUG 2023 Issue inc. BUYERS' GUIDETo view a digital copy of the JULY/AUGUST ISSUE of Hydraulics & Pneumatics magazine that includes the ANNUAL BUYERS' Guide for 2023, click here.

To visit the Library for past issues click here

BFPA YearbookTo read the latest BFPA Yearbook, click here ..
BFPA Training AcademyClick the image to go to the BFPA Training Academy website
Compressed Air & Vacuum Technology Guide 2018To read the official BCAS Compressed Air & Vacuum Technology Guide 2018 click here
Offshore Europe Journal