By Jaydeep Saha, Contributing Writer, HCL Technologies Ltd. 


According to a recent report from Cisco’s cyber threat analysis organization, Cisco Talos, in the last quarter 20 percent of all cyberattacks were attributed to commodity malware attacks. The telecom industry was recorded to be the most affected, followed by healthcare, and the education sectors.

The IT sector is eighth on the list of the most affected industries.

This is the first time in a year that ransomware has not been identified as the most common cyberthreat, now representing 15 percent of attacks, followed by phishing.

What is commodity malware?

Commodity malware is the most prevalent standardized type of malware. These attacks are based on programs that are readily available on the internet and can be used by anyone.

The Cisco Talos Incident Response (CTIR) report said: “Commodity malware is widely available to buy or download for free, it is typically not customized and is used by a variety of threat actors at different stages of their operations or to deliver additional threats.”

Cyber security weaknesses and trends

Security expert David Fuhr lists five cyber security weaknesses and trends as follows:

  1. Attacks on company processes: Gaps or loopholes in a company’s framework invite cyberattacks. The attackers blackmail employees with email and phone calls.

  2. Ransomware: A type of malware from cryptovirology that threatens a victim by blocking data access or publishing personal data unless a ransom is paid.

  3. Attacks on supply chain: Securing the supply chain is a necessity for large organizations. This is a challenge, because these environments are heterogenous in nature - an IT landscape consisting of many different systems and various hardware and software vendors. Left untouched, these are “at best” difficult to manage and secure.

  4. Remote maintenance access: Many organizations require third party help to support their IT services. Maintenance of air conditioning to building automation, for example, requires experts from other companies to enter and access the premises. This leaves a window open for security threats.

  5. Shadow IT entity: Some organizations feel their IT infrastructure is slow and they build their own IT framework without any expertise, while neglecting the security aspect. This shadow IT entity is easy to build in the cloud and comes with significant risks.

How is HCL Technologies securing organizations?

With a variety of services developed over decades in its arsenal, HCL Technologies knows exactly what is required to keep its customers safe.

The in-depth knowledge of vertical-specific requirements, new threat vectors, regulatory landscape, and resiliency defines the foundation of its Dynamic Cybersecurity Framework, which covers infrastructure & cloud security, application security, Governance Risk & Compliance (GRC), identity & access management, business continuity/disaster recovery, data security & data privacy, and security of things.

A key partner in HCL Technologies’ GRC Services practice is Fortius Consulting, which is made up of trusted, industry-leading architects, consultants, project managers, and educators with unparalleled experience and certification within a diverse set of cybersecurity solutions.

With over 100 cybersecurity professionals in 15 countries, the partnership represents a global solutions provider to leading enterprises across key industries, including 250 of the Fortune 500 and 650 of the Global 2000.