Sustained Cyber Attacks Are The New Normal
With ransomware and other cyber attacks being at the forefront of the headlines in 2019, cybersecurity in 2020 is becoming an ever more pressing concern for organisation.
Some businesses appear to be adjusting to the ‘new normal’ of sustained cyberattacks, but there is much more to be done to protect your organisation.
This year began badly with geopolitical tension between the US and Iran, which set in motion, with the prospect that Iran would respond to this tension with a series of cyber-strikes.
To date, Iran has developed destructive malware over the years and now has the capacity to destroy the integrity of data and systems. It has the technical acumen to conduct attacks against the West across numerous sectors, including energy, financial services, and critical national infrastructure, which is a reality that organisations need to be prepared for, bolstering their systems to defend against potential cyberattacks.
Even before this recent aggression, analysts foresaw that geopolitical tension and domestic terrorism would continue to manifest in cyberspace, ushering in an era of destructive attacks that could, be used to influence the 2020 US elections.
In general, outside of geopolitical conflict and terrorism, malware continues to be a major threat. In fact, it was the most prolific type of cyberattack UK businesses experienced in 2019, according to a recent UK Threat Report from the experts at ITProPortal who found that 21 per cent reported seeing custom malware attacks most frequently and 10 per cent cited commodity malware. Altogether, 31 per cent of businesses reported malware to be the most witnessed attack type.
The Rise of Cloud-Jacking
ITProPortal conducted research to understand the challenges and issues facing UK businesses when it comes to escalating cyberattacks. Its purpose is to identify trends in hacking and malicious attacks and the financial and reputational impact any breaches have had on organisations.
The research found that humans are proving to be the weakest link in the cyber-defence chain. Phishing attacks were the primary cause of attacks that resulted in a breach, with a third (33 per cent) of respondents affected. Ransomware took second place with 20 per cent of businesses citing this as the primary cause.
ITProPortal forsee cloud-jacking and subsequent island hopping will become a more common practice in 2020 as attackers look to leverage an organisation’s infrastructure and brand against itself.
There will be a lot more cloud-jacking and island hopping via public cloud. They also predict an increase in mobile root kits, allowing hackers to gain full control over a victim’s device. These are rootkits that will give hackers control over other people’s mobile devices and allow them to manifest in the physical setting, like leveraging proximity settings on microphone, camera, location once they are in the device.
Age of Cyber-Warfare
Greater awareness of external threats and risks have also prompted businesses to become more proactive about managing cyber-risks. A survey carried out by UK cyber security firm Comtact found that companies are tightening up on factors that they can control such as process weaknesses and, while 84 per cent reported being breached in the past 12 months and 90 per cent saw an increase in attack sophistication, 76 per cent of companies said they are more confident that they can repel cyberattacks today than they were a year ago.
This is largely because cyber threat hunting is reaping benefits as teams identify threats that would previously have gone undetected.
An increased level of investment with 93 per cent planning to increase their spending on cybersecurity which demonstrates that cybersecurity is maturing, and businesses are beginning to prioritise it effectively and right now, CEOs should be meeting with their CISOs to understand the vulnerabilities in their systems, asking them “do we have visibility across all of our devices?
Cyber Security Actions
To combat cyber threats, organisations need the right people, processes and tools to secure your systems and data. All three need to work together for this to work. Hackers look for easy ways to break in to networks and weak passwords are a major vulnerabilty. Likewise, phishing is a major risk and organisations can reduce their risk with a cyber security improvement and employee training programmes that your business.
The first step is to make sure your people know the basics of phishing scams, how ransomware infiltrates an organisation and how to protect themselves from email fraud.
Decison-makers need to identify their organisation's most critical vulnerabilities and address the biggest threats and types of infiltration most likely to affect their organisation. This means developing an inventory on direct and indirect communications systems and hardware. It also means making your users aware of the vulnerabilities they themselves create, like choosing a weak password.
If despite your best efforts, ransomware or a data breach manages to break through your systems and processes, you need to have a Major Incident plan that minimises downtime and wider business impact.
For more Information and advices please contact Cyber Security Intelligence.
ITProPortal: ITProPortal: Comtact:
You Might Also Read:
The Scope Of A Cyber Security Audit:
Employee Training Is Vital For Commercial Cybersecurity: