Welcome to the last working week of the year. 2017 has definitely been a roller coaster of a year. From a technology point of view Hacking and Ransomware went from being mildly annoying to full blown attacks. The money made from Ransomware in 2017 is estimated to be triple that of 2016.
The biggest change we have seen this past 12 months is the engagement of hackers by Ransomware organisations, effectively paying a commission to hackers who hack into systems and deliberately infect them with Cryptolocker and the like. This led to a massive increase in hacking attempts on RDP (Remote Desktop) connections and forced us to shutdown open connections and push users towards SSL VPN. This was the nail in the coffin for lax Small and Medium Business (SMB) security. Where once before the SMB market could roll the dice when it came to security, it is now, almost a certainty that if you’re not up-to-date, you will be breached.
So, what’s coming in 2018? Security will be an even bigger issue and move from being just an IT problem, to a companywide issue. Especially with the governments new Notifiable Data Breaches Legislation. We also expect hackers to be escalating their attacks as they chase lucrative bitcoin commissions by deliberately infecting networks. We expect they will move beyond hacking open RDP ports and move more towards targeted social campaigns, similar to the very successful campaigns based around Australia Post, or speeding fines from the AFP. These attacks will be designed to fool end users, get them run some malicious code and give hackers a foot in the door.
LAKES CTS (Cyber Threat Security).
To combat the above we have been working hard on our CTS offering. CTS has been massively successful in stopping attacks. Since deploying CTS, we have only had 3 crypto infections on our networks, each of these was due to poor password management (i.e. username = sales - password = sales). The hackers were able to brute force their way onto the networks through insecure passwords and deliberately bypass Lakes CTS. Since deploying CTS, the system has blocked over 9500 suspect URLS from being launched. Many of these are just scam advertising links on webpages, but over 150 were verified crypto packages.
To battle the upcoming wave of socially engineered attacks we are expanding Lakes CTS to also offer end user education. This is a big deal and currently has only been available to Enterprise users with deep pockets. To the best of our knowledge we are the only SMB IT provider moving forward with this type of service because we firmly believe the biggest weakness in IT networks in 2018 is going to the end users. The people manning your sales counter or your apprentice out the back that only uses the computer for “Training”. End user education is going to be the silver bullet when it comes to protecting your networks. We will be releasing more information about this exciting new offering in January.