77% of SMBs are concerned about an attack in the next 6 months and plan to increase their cyber security
The sudden rollout of lockdowns across the world to help fight Covid-19 unmasked a multitude of other threats that may or may not have been adequately prepared for. Unsecured personal devices were hacked, collaboration tools were compromised and credentials were stolen.
A year later with most of the world still under restrictions, what have we learned? Are we in a better state than last year? What are the new threats emerging and what threats are still very much on the forefront of an attacker’s mind.
1) Ransomware attacks on the rise
We’ve spoken a lot about ransomware on the HostedBizz blog and there is a reason. Ransomware accounts for 1 in 4 cyber attacks and 71% of attempts are successful. The attackers gain sensitive information via backup file signatures, backup solutions’ APIs and other utilities such as Windows VSS writers.
One of the biggest drivers for the increase in ransomware attacks is the rise of ransomware insurance providers. Insurance interests an attacker because businesses are now a lot more likely to submit and pay out ransoms as the loss is protected from their side.
The best defence against ransomware continues to be good back-to-basics security hygiene. This includes enforcing least-privilege access policies, regular backups with safe storage solutions and keeping on top of your patching tasks.
2) Company Perimeters now expanding to employee homes
As a result of the ongoing pandemic, the shift towards working from home has accelerated meaning that company perimeters have now expanded. This presents a real challenge for security professionals to monitor their internal networks via traditional methods such as firewalling and network intrusion detection systems. Despite these security concerns, 84% of businesses will continue to support staff working remotely from 2021 and beyond. This means that this issue will continue certainly for the foreseeable future.
As a precaution, IT teams will have to bolster up their endpoint protection and implement MDM (Mobile Device Management) to keep company data safe. These solutions offer clear visibility of data used on popular collaborative 3rd party applications (such as Slack and Zoom). Basic endpoint protection such as regular patching and anti-malware software installed on devices can also help data protection.
3) Evolved Phishing Scams
Phishing still remains a popular cyber threat in the hacker’s toolkit. Cybercriminals use phishing to distribute malware, steal credentials and scam users out of money. A survey conducted during the middle of 2020 reported that 38% of respondents said a coworker had fallen victim to a phishing scam.
While there has been no real change to the overall threat, hackers were leveraging keywords surrounding “pandemic” and “COVID” to grab attention. As we’ve rolled into 2021, these are now changing to “vaccines” and “stimulus checks”
There is no single recommended strategy to prevent malicious email from coming into your exchange server, but combinations of essential tools and well-educated staff will reduce your chances of falling victim to phishing scams.
4) Hacking Third Party Tools
In the aftermath of the SolarWinds hack, a better understanding of third-party risk management programs has caught the attention of security professionals.
In order to protect organizations from these sort of breaches, M&A and licensing management functions need to become more aligned. Particularly when it comes to governance, risk and compliance teams. HostedBizz would recommend conducting a thorough security audit of all third-party suppliers. This inter-organizational collaboration will better prepare teams to deal with supply chain attacks in the future.
What is your cybersecurity risk score?
Understanding the strength of your cybersecurity strategy is paramount in tackling the threats we have discussed today. To get started, we recommend completing our new Cyber Security Risk Assessment. The assessment will provide you with a risk score and enable you to discover common gaps within your strategy that you may have not been aware of. If you would like no-obligation guidance on how to use your risk score to improve your defence, one of our security specialists will be happy to discuss this with you.