Last year saw the highest average cost of a data breach in 17 years, with the cost rising from $3.86 million to $4.24 million year over year, according to the IBM Cost of a Data Breach Report. Clearly, organizations must have the right people and processes in place to prepare for relentless cyber attackers.
When CIOs, CISOs, CTOs and IT managers think about advancing their cybersecurity strategies, they need to consider what happened the year before and what could get worse. Below are some of the cybersecurity threats that remain stubbornly consistent and need to be guarded against at all times.
1) Ransomware attacks shift to smaller targets
Ransomware attacks are on the rise and will not stop any time soon. These attacks are a simple, low-risk way for criminals to make a quick buck.
Law enforcement is focused on heinous, high-profile attacks. However, this will only shift the likely attacks toward small and medium-sized businesses. Law enforcement responses may not be as robust, and the payoff for criminals targeting SMEs will continue to be lucrative.
2) Endless Spear Phishing and Whale Phishing
Identity fraud attacks continue to target people who have access to money, or who hackers believe do. For example, an accounts payable clerk has her email compromised and the criminal downloads her emails, along with address books containing vendor contacts.
The attackers will try to persuade the vendors to route money to a new bank, and this will sometimes succeed. Attackers will also use the address book to spam new people and compromise their email accounts, creating an almost endless cycle of phishing. Because threat actors now have a built-in base to work from, attacks on users who have been compromised will increase.
3) Crime doesn’t take a day off
Criminals don’t work the typical 9-5, 40-hour workweek and certainly don’t have vacation days, so they’ll strike when it’s advantageous. Holidays and weekends have historically been a perfect time to gain access to a company or email system, and this will continue to increase.
Come Friday, workers tend to be less guarded, and this gives the attacker a huge two- or three-day head start on someone's account. Organizations need to be more vigilant about compromises on non-operational days.
4) Let’s not forget the network devices
Network devices, which include routers, firewalls, and switches, are not updated as frequently as servers within an organization. Attackers know this very well and will create more targeted attacks against these network devices.
Companies typically don't schedule the downtime necessary to update these devices, and that should change. Internal IT engineers prefer not to update the firmware on these network devices because of the perceived risk.
5) Exploitation of new remote work staff
Even as Covid mandates lift, employers have changed their traditional “work in the office” model. Many employees are still working remotely, and attackers will continue to try to take advantage of the situation.
One of the methods that criminals are pushing is to get new employees to buy gift cards. New hires often get an email pretending to be from "the boss" and asking them to buy gift cards or other things, like a gift for a client. Since it's not as easy as leaning over to the next employee's workspace to ask whether this is standard, and new employees are trying to make a good impression, workers may do as their "bosses" have asked without asking questions.
The aforementioned cybersecurity trends have been building, but fortunately there are many protective and proactive solutions a business can implement to combat these threats. For example, a next-gen antivirus solution can definitely help on the ransomware front, and a reliable spam filtering solution will help you with email.
If organizations stay on top of these key vulnerabilities to cyberattacks, they stand a better chance of being victorious for years to come.
About the Author:
Chip Gibbons is the Director of Information and Security of To flourish.