Adapting to the cybersecurity demands caused by the most disruptive year on record
It goes without saying that the world of business has changed drastically over the last year, and consequently, the cyber threatscape has adapted to capitalise on WFH operations, distributed workforces, and untrained remote employees. As a result, companies, employees, and consumers have been put under more pressure than ever before…
It goes without saying that the world of business has changed drastically over the last year, and consequently, the cyber threatscape has adapted to capitalise on WFH operations, distributed workforces, and untrained remote employees. As a result, companies, employees, and consumers have been put under more pressure than ever before to remain increasingly vigilant when it comes to the likes of social engineering attacks, phishing scams, malware, and fraud.
The sophistication and impact of cyber-attack campaigns have also grown. And, in recent times, we have witnessed the most financially devastating cases of cybercrimes related to massive data breaches, ransomware, and services impersonation, to name just a few, and it’s important to understand how exactly the 2020 cyber landscape has altered so differently from previous years so that we can defend against it as we move further into the new year and the pandemic ‘hopefully’ begins to subside
2019 vs 2020
Businesses faced a 20% rise in cybersecurity threats last year versus 2019, with the first national lockdown in March serving as the catalyst for a year of increased efforts to infiltrate corporate networks. According to research from specialist internet service provider Beaming, businesses in the UK each faced 686,961 attempts on average to breach their systems online in 2020. This equates to an attempted attack every 46 seconds, with 2020 proving to be the busiest year on record for cyber-attacks.
Remote working and the resulting business struggles were the main cause for the surge in cyber-attacks facing companies throughout 2020 and hackers focused on it. In fact, Barracuda’s research revealed insights about how targeted attacks evolved last year and the ways in which cybercriminals are maximized their impact through the exploitation of fears around the pandemic. Business email compromise (BEC) now makes up 12% of the spear-phishing attacks, an increase from just 7% in 2019. Also, 72% of Pandemic-related attacks were classified as scamming, meaning that attackers preferred to use the Pandemic in their less targeted scamming attacks that focus on fake cures and donations.
Criminals capitalised on the fact people were hungry for the Pandemic-related news, spreading misinformation, targeting hospitals and impersonating the UN, WHO and other international organisations to distribute malware and ransomware.
The responsibility of business owners
Business owners in the UK have a responsibility to protect their customers and employees against all data theft and hacking attempts. They can do this by equipping their servers with cloud-based firewalls and AI-enabled security defense applications, alongside diligent security and online threat awareness training for remote employees. Sophisticated email security can also be extremely effective in blocking large amounts of malicious content aimed at busy or susceptible workers.
2020 certainly saw plenty of headlines involving data breaches in the last year. However, hearing about a breach is one thing but understanding the methods cybercriminals employed to create that breach is a totally different matter altogether. One thing an organisation might want to consider is inviting company leaders to participate in a series of online exercises to show just how easily a business can be derailed by a series of crippling cybersecurity attacks. Business leaders need to understand the anatomy of how some of the most recent high-profile cybersecurity breaches were accomplished. The easier it is to understand how a breach occurred the less likely it becomes a corporate executive will view cybersecurity as some sort of dark art that is beyond the scope of their ability to influence.
The internet is a battleground
In 2020, as most businesses transitioned to remote working in order to cope with the pandemic, the internet became a battleground. Cybercriminals took advantage of the fact that a lot of workers were unaware of the dangers of working from a remote location, so inevitably, Barracuda researchers saw a significant rise in phishing, DDoS attacks, malware, impersonation and BEC.
Combatting this issue has required an overhaul of cybersecurity policy. Personal devices must be protected with a VPN, and public cloud applications and infrastructure should be properly protected with the right application security. Additionally, AI-enabled inbox defense software should be prioritized – the right software will be able to spot suspicious content, intercept potentially dangerous content, or flag a compromised email account, which, in turn, significantly reduces the threat of human error, which is still the leading cause of leaked passwords, compromised data, and mis-clicked malware or phishing content.
Employees should also be sufficiently trained on the evolving cyber threatscape and learn the best-practice security methods when working from a remote environment. Cyber trends and threats must be properly observed, and CSOs and IT Managers should be constantly on the lookout for new angles and entry points to their system, which cyberattacks will eventually find, and will eventually take advantage of, unless properly diagnosed.
Last year’s rise in cyber-attacks and phishing emails based on coronavirus was a new trend, however, the same precautions for email security will still apply and will continue to do so beyond the pandemic. Organisations of all sizes must be wary of any emails attempting to get users to open attachments or click links. And it is important that employees watch out for any communications claiming to be from sources that they normally would not receive emails from and those from unrecognised organisations should be scrutinised closely.
The threat to UK businesses from hackers and other malicious groups online was certainly magnified in 2020, just as the Internet became increasingly important to many more parts of the economy. Last year, we saw the best of the Internet, as businesses adapted to survive, but in the process, we saw threats rise and the stakes get even higher, with cyber risk in today’s environment representing nothing short of an existential challenge for organisations.