Last year, the highest average price of a data breach for 17 years, with costs rising from $ 3.86 million to $ 4.24 million on an annual basis, according to Report on IBM data breaches. It is clear that organizations need to have the right people and processes to prepare for relentless cyberattacks.
As CIOs, CISOs, CTOs and IT managers think about strengthening cybersecurity strategies, they need to consider what happened in the previous year and what could get worse. Below are some of the threats to cybersecurity that remain consistently consistent – and should be guarded at all times.
See also: The Successful CISO: How to Build Stakeholder Confidence
1) Ransomware attacks move to smaller targets
Ransomware attacks are on the rise and will not back down any time soon. These attacks are a simple and low-risk way for criminals to make quick money.
Law enforcement is focused on incredible and high-profile attacks. However, this will only shift the possible attacks on medium and small companies. Law enforcement responses may not be as strong, and the rewards for crimes against small and medium-sized enterprises will still be lucrative.
2) Endless phishing with spear and phishing of whales
phishing attacks continue to target people who have access to money – or hackers think they have. For example, a duty officer receives his email compromised and the criminal retrieves their emails, which will have address books copied from vendors.
Attackers will try to persuade suppliers to direct money to a new bank, and this will sometimes be successful. Attackers will also use the address book to try to spam new people and compromise their emails, creating an almost endless circle of phishing. As the participants in the threat already have a basis, they will increase the attacks on consumers who have been compromised.
3) Crime does not take a day off
Criminals do not work the typical 40-hour work week from 9 to 5 and certainly do not have days off – so they will attack whenever it is profitable. Holidays and weekends have historically been the perfect time to access a company or email system, and this will continue to grow.
When Friday comes, workers tend to be more checked, and this gives the attacker a huge advantage of two to three days in someone’s account. Organizations need to be more vigilant about compromises on non-operational days.
4) Not to forget the network devices
Independent network devicesthat include routers, firewalls, and switches are not updated as often as servers within an organization. Attackers know this too well and will create more targeted attacks against these network devices.
Businesses usually don’t spend the downtime needed to update these devices – which needs to change. Internal IT engineers prefer not to update the firmware of these network devices due to the obvious threat.
5) Use of new staff for remote work
Even as Covid’s mandates rise, employers have changed their traditional office work model. Many employees continue to work remotely – and attackers will continue to try to take advantage of the situation.
One of the methods that criminals insist on is attracting new employees to buy gift cards. Often, new employees will receive an email pretending to be the “boss” asking them to buy gift cards or other things such as a gift for a customer. Because it’s not as easy as leaning into employees’ next workspace to ask if it’s standard, and new employees trying to make a good impression, employees can do exactly what their “bosses” want them to do – without to ask questions.
The above cybersecurity trends are being built, but fortunately there are many proactive and protective solutions that a company can implement to combat these threats. For example, a next-generation antivirus solution can definitely help on the ransomware front, and a reliable spam filtering solution will help with email.
If organizations remain on top of these key cyber-attack vulnerabilities, they are more likely to come out on top in the coming years.
See also: The best scanners for websites
About the author:
It’s Chip Gibbons Chief Information and Security Director for thrives.