Information Security Buzz, October 18, 2018, by Satya Gupta
Among findings in the new Ponemon 2018 State of Endpoint Security Risk report:
--64% of enterprises have been compromised in the past 12 months by attacks
--The cost of a successful cyber-attack increased 42% year/year
--Organizations are now 4x more likely to be hit with a zero-day attack, such as a fileless attack, bypassing existing defenses compared to traditional attack methods
In response, Satya Gupta, an expert with Virsec offers perspective on these findings.
“It’s not surprising that fileless attacks are on the rise, because they work. What is worrisome is how slow many organizations been to respond to these new tactics and adjust their security strategies. We’re still stuck in a mindset of guarding the perimeter and stopping what’s been seen before. And few people want to admit that security-by-patching doesn’t come close to keeping up.
What this report doesn’t highlight is that not all endpoints are equal. Protecting user devices is important, but the greatest risk to organizations lies in not adequately protecting their business-critical applications. For advanced attacks the battleground is within runtime application memory, where fileless attacks can manipulate legitimate processes in ways that are difficult to detect. Our focus needs to shift away from endlessly chasing external threats to ensuring that our applications have guardrails to ensure they execute properly.”
