Protect yourself against the top 3 cyber threats of 2018

As we all become increasingly connected and our customer’s personal data is stored in the cloud or on other systems, the way this information is stored becomes more and more important. Not only does having secure and compliant systems mean it’s easy to ensure the data stays safe, but it also keeps you in line with GDPR.

Perhaps most importantly, a cyber breach is a huge reputational risk and ruins the customer experience – not only has their data been stolen, but they’re affected by any downtime that occurs. It’s important to make sure organisations and their employees are aware of the latest threats and how best to protect against them. Here are three cyber threats you should be aware of:

1. Botnets

A bot is a program that allows an attacker to take control of an infected computer. A botnet is a network of these computers that communicate with a server.

These botnets are harnessed by cyber criminals for a variety of online attacks such as to send spam, denial-of-service attacks on websites, to spread malware, and much more.

In 2017 Microsoft’s Digital Crimes Unit tackled Gamarue, a leading botnet that has infected more than 23 million IP addresses.

Microsoft analysed over 44,000 malware samples that revealed Gamarue’s sprawling infrastructure, which has included threats such as Petya ransomware, DDoS attack bots, info-stealing malware, and spam bots. Since the Gamarue disruption, there has been a 30% decrease in victims worldwide.

In order to protect your organisation against botnets, look for a solution that harnesses advanced machine learning. Windows Defender ATP uses the power of the cloud, machine learning and behaviour analytics to detect, protect and respond.

2. Easy mark attack methods

As we incorporate stronger security measures on our systems, hackers are finding it harder to get into these systems. As such, hackers are now focussing more on the ‘low hanging fruit’ such as social engineering or poorly secured cloud apps.

Humans are often the weakest link in cyber security. All it takes is one person in your organisation clicking a malicious link or opening a phishing email and your data could be compromised. Phishing was the top threat vector for Office 365-based threats during the second half of 2017. From November 2017 – January 2018 there were approximately 180,000,000–200,000,000 detected by Microsoft. These often impersonate popular brands such as Microsoft, Amazon, FedEx, banks and government services.

The best defence against phishing is employee education and training. An employee that spots and reports a suspicious email could head off an extensive phishing campaign before it does damage. Cloud app adoption is rising to support business productivity, but a lack of security infrastructure could be compromising data. Our research says that 79% of SaaS storage apps and 86% of SaaS collaboration apps do not encrypt data both at rest and in transit.

For visibility and control over all cloud apps usage across the enterprise, use a cloud access security broker (CASB) security solution such as Microsoft Cloud App Security and ensure you keep system software updated

3. Ransomware

The most famous ransomware attack of 2017 was WannaCrypt, which hit the NHS and other systems around the world, bringing down critical services. It affected over 230,000 computers – one of the largest attacks ever. Ransomware does, as the name suggests, infect and encrypt files (or entire disks) to prevent access until a ransom is paid – with no guarantee victims will regain access.

Ransomware was one of the types of malware distributed by botnets such as Gamarue and is also used via some ‘low hanging fruit’ channels such as phishing emails. Ensure you have destruction-resistant backups of critical systems and data so you can recover them in case of an attack. Most importantly, ensure these backups are updated and working.

Protect yourself against ransomware by applying multi-layered security defences: An email security system that scans email attachments and quarantines/blocks suspicious attachments. Apply advanced threat protection that applies machine learning and AI technology to help detect ransomware.

Ensure your systems are updated with the latest patches to keep protecting against new threats – WannaCrypt only infected unpatched computers. From June to November 2017, Windows 7 devices were 3.4 times more likely to encounter ransomware compared to Windows 10 devices.

It’s important to keep up with the ever-evolving landscape and help stay GDPR compliant. Every year the Microsoft Security Intelligence Report analyses security threats and offers advice on how to mitigate the top attack types.




To read more from techUK's Cloud Week, visit our landing page

Original blog for Microsoft

  • Sue Daley

    Sue Daley

    Associate Director, Technology & Innovation
    T 020 7331 2055
  • Katherine Mayes

    Katherine Mayes

    Programme Manager | Cloud, Data, Analytics and AI
    T 020 7331 2019

Share this


"Technology is a key enabling tool for collaboration within organisations and across the public services ecosystem"…
Emily Jenkins, Girlguiding Advocate and A-Level student, spoke at #CogX19 during #LTW about why we need to get more…
First tranche of speakers confirmed for our 'going plastic free' conference on 10 July - @OakdeneHollins
3 Months to go until our fantastic #techUKSmarterState 2019 focusing on how emerging tech will transform public ser…
Join us at @Public_SectorUK (25 – 26 June, ExCeL London) & learn how to implement the latest digital solutions and…
ICYMI: During #LondonTechWeek, @PwC_UK published its report into AI in Healthcare, assessing the practicalities of…
Nominations for the World Class Policing awards close in 2 weeks. You can nominate here - @WCPAwards
Become a Member

Become a techUK Member

By becoming a techUK member we will help you grow through:

Click here to learn more...