Ransomware has been grabbing headlines almost daily for the last
year. High-profile businesses in sectors such as hospitality, social media, and
healthcare have been targeted and victimized. Over that same period, the
landscape of cybertheft has also changed. Instead of seeking you out via
email, cybercrooks are more likely to wait on the web until you find them.

“More often than not, today’s malware is
distributed via the web. Executables are becoming less of a problem,” author
Hauke Gierow recently reported. “While there are more malware types, conversely
the overall numbers of cyberattacks are decreasing as the attacked are more

As evidence of his assertion, Gierow offers
statistics from a study by G DATA Security Labs. Per G DATA’s findings, more
than 8.4 million new digital malware strains were detected in 2017, which was
an increase of nearly 19 percent over 2016. In the first part of 2018 alone, G
DATA researchers detected more than 2.3 million malware strains, with a forecast
of 5.4 million for 2018. Other forms of malware, such as Trojan viruses and
adware, are much more common and also inflict considerable damage to an

By sharing these findings, are we suggesting
our readers ignore ransomware as a cybersecurity issue? No. Instead, we’re
encouraging business leaders to see beyond one type of malware and consider
their exposure to the whole category. For example, can you answer these

- How many assaults from Trojans and/or adware did your firm weather in recent
- How vulnerable is your IT infrastructure to a distributed denial of service (DDoS) attack?
- How much does your staff know about recognizing phishing techniques –
  and the consequences of being hooked by one?

For a thorough, structured approach to
recognizing cybersecurity risks, we advocate applying the Cybersecurity Framework developed by the National Institute of Standards and
Technology (NIST). The NIST framework promotes five tenets for holistically

The first, “Identify,” concentrates on
assessing your situation to determine your level of jeopardy and ability to
improve your posture:

- Asset management – What cybersecurity
  resources – hardware, software, people – do we have in place? Which do we
  need to acquire? How many should be upgraded or trained?
- Business environment – How are cybercrooks
  attacking our industry? Our type of organization?
- Governance – Are we compliant with
  regulations such as data
  breach notification (DBN) protocols?
- Risk management strategy – Have you developed a
  cybersecurity policy? If your answer here is “no,” then be sure to read
  the next installment in our Malware Manual series “Building Your

Keep in mind as our “Malware Manual” series
continues that aligning with the NIST framework alone does not guarantee a
cybersecure organization. Implementing specific services, user education and
best practices around cybersecurity makes the difference.