Almost 30 million cyberattacks were carried out in the United Kingdom in the fourth quarter of last year. This is according to a new report by Kaspersky Lab, based on an analysis of threats between October and December 2018 in the country.
The report claims that browser-based attacks were the primary method from spreading malicious programs in the country. There were more than 12 million detected threats. Out of all Kaspersky users that were attacked by malicious software, 16 per cent were web-borne threats.
Commenting on the news are the following security professionals:
Todd Peterson, IAM Evangelist at One Identity:
“The reason browser-based attacks are so prevalent is because everything is moving to the web/cloud and a browser is one of the primary ways you access it. So, avoiding those attacks is really just a matter of common-sense and vigilant behavior. Do you trust the source of the thing you are clicking on?
IAM (identity access management) can help to minimise the risk surface once an attack has occurred. For example, if an unsuspecting user in your company clicks on something that they shouldn’t have and opens up their system (on your network) to the hacker, good IAM in the form of business-driven authorisation and – above all – deep and thoughtful privileged access management will limit the damage to only those systems and data that the compromised user has legitimate access to. It will also prevent the attacker from making lateral moves and rights elevation activities to get to the ‘good stuff.'”
Felix Rosbach, Product Manager at Comforte AG:
“We all have to find a balance between security and comfort, between protection and business enablement. With too much security, users are unable to be productive. Too much access opens up organisations to a data breach.
While the chances of being breached are higher than ever before, there is not much you can do about it. Classic defense like firewalls and anti-Virus only protects you from known attack methods. To protect what is worth being protected you have to make sure that your identity and access management is under control – and that you render sensitive data unreadable.”