Sustained Cyber Attacks Are The New Normal

With ransomware and other cyber attacks being at the forefront of the headlines in 2019, cybersecurity in 2020 is becoming an ever more pressing concern for organisation. 

Some businesses appear to be adjusting to the ‘new normal’ of sustained cyberattacks, but  there is much more to be done to protect your organisation.

This year began badly with geopolitical tension between the US and Iran, which set in motion, with the prospect that Iran would respond to this tension with a series of cyber-strikes. 

To date, Iran has developed destructive malware over the years and now has the capacity to destroy the integrity of data and systems. It has the technical acumen to conduct attacks against the West across numerous sectors, including energy, financial services, and critical national infrastructure, which is a reality that organisations need to be prepared for, bolstering their systems to defend against potential cyberattacks.

Even before this recent aggression, analysts foresaw that geopolitical tension and domestic terrorism would continue to manifest in cyberspace, ushering in an era of destructive attacks that could, be used to influence the 2020 US elections.  

In general, outside of geopolitical conflict and terrorism, malware continues to be a major threat.  In fact, it was the most prolific type of cyberattack UK businesses experienced in 2019, according to a recent  UK Threat Report from the experts at ITProPortal who found that 21 per cent reported seeing custom malware attacks most frequently and 10 per cent cited commodity malware. Altogether, 31 per cent of businesses reported malware to be the most witnessed attack type.

The Rise of Cloud-Jacking
ITProPortal conducted research to understand the challenges and issues facing UK businesses when it comes to escalating cyberattacks.  Its purpose is to identify trends in hacking and malicious attacks and the financial and reputational impact any breaches have had on organisations. 

The research found that humans are proving to be the weakest link in the cyber-defence chain.  Phishing attacks were the primary cause of attacks that resulted in a breach, with a third (33 per cent) of respondents affected.  Ransomware took second place with 20 per cent of businesses citing this as the primary cause.

ITProPortal forsee cloud-jacking and subsequent island hopping will become a more common practice in 2020 as attackers look to leverage an organisation’s infrastructure and brand against itself.

There will be a lot more cloud-jacking and island hopping via public cloud. They also predict an increase in mobile root kits, allowing hackers to gain full control over a victim’s device. These are rootkits that will give hackers control over other people’s mobile devices and allow them to manifest in the physical setting, like leveraging proximity settings on microphone, camera, location once they are in the device.  

Age of Cyber-Warfare
Greater awareness of external threats and risks have also prompted businesses to become more proactive about managing cyber-risks.  A survey carried out by UK cyber security firm Comtact  found that companies are tightening up on factors that they can control such as process weaknesses and, while 84 per cent reported being breached in the past 12 months and 90 per cent saw an increase in attack sophistication, 76 per cent of companies said they are more confident that they can repel cyberattacks today than they were a year ago.   

This is largely because cyber threat hunting is reaping benefits as teams identify threats that would previously have gone undetected.  

An increased level of investment with 93 per cent planning to increase their spending on cybersecurity which demonstrates that cybersecurity is maturing, and businesses are beginning to prioritise it effectively and right now, CEOs should be meeting with their CISOs to understand the vulnerabilities in their systems, asking them “do we have visibility across all of our devices? 

Cyber Security Actions
To combat cyber threats, organisations need the right people, processes and tools to secure your systems and data. All three need to work together for this to work. Hackers look for easy ways to break in to networks and weak passwords are a major vulnerabilty. Likewise, phishing is a major risk and organisations can reduce their risk with a cyber security improvement and employee training programmes that  your business.

The first step is to make sure your people know the basics of phishing scams, how ransomware infiltrates an organisation and how to protect themselves from email fraud.

Decison-makers need to identify their organisation's most critical vulnerabilities and address the biggest threats and types of infiltration most likely to affect their organisation.  This means developing an inventory on direct and indirect communications systems and hardware. It also means making your users aware of the vulnerabilities they themselves create, like choosing a weak password. 

If despite your best efforts, ransomware or a data breach manages to break through your systems and processes, you need to have a Major Incident plan that minimises downtime and wider business impact.


For more Information and advices please contact Cyber Security Intelligence.

ITProPortal:           ITProPortal:                 Comtact

You Might Also Read: 

The Scope Of A Cyber Security Audit:

Employee Training Is Vital For Commercial Cybersecurity:

 

 

 

« Cyber Security Salaries Rise As IT Breaches Increase
Canada's Government Breaks The Rules »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Wizard Computing

Wizard Computing

Wizard Computer Services is a full service IT solutions provider that offers managed services, consultation, installation, and support to small and large businesses in New England.

CionSystems

CionSystems

CionSystems provides identity, access and authentication solutions to improve security and streamline IT infrastructure management.

SIGA

SIGA

SIGA provides cyber security solutions for Industrial Control Systems SCADA systems used in critical infrastructures and industrial processes.

Enosys Solutions

Enosys Solutions

Enosys Solutions is an IT security specialist with a skilled professional services team and 24x7 security operations centre servicing corporate and public sector organisations across Australia.

Sternum

Sternum

Sternum provides reliable and effective endpoint security for any IoT device, using robust technology and seamless integration.

Red Alert Labs

Red Alert Labs

Red Alert Labs is an IoT security provider. We created an independent security lab with a disruptive business offer to solve the technical and commercial challenges in IoT.

CS3STHLM

CS3STHLM

CS3STHLM is the Stockholm international summit on Cyber Security in SCADA and Industrial Control Systems.

Aurora Systems Consulting

Aurora Systems Consulting

Aurora is a Cybersecurity solutions provider with a portfolio consisting of security consulting, products and services that proactively prevent, secure and manage advanced threats and malware.

ClubCISO

ClubCISO

ClubCISO is a community of peers, working together to help shape the future of the information security profession by facilitating independent discussion on data security and cyber resilience.

YorCyberSec

YorCyberSec

YorCyberSec act as a trusted Cyber and Information Security broker and procurement specialist. We help companies to Reduce Risk, Increase Assurance and Improve Performance.

Anchor Technologies Inc (ATI)

Anchor Technologies Inc (ATI)

Anchor provides a full spectrum of cybersecurity services assisting our clients with all aspects of cybersecurity risk planning, identification, management, and monitoring.

Calamu

Calamu

Calamu is a software-defined storage security and resiliency platform that keeps your data secure and accessible wherever you choose to store it.

Amyna Systems

Amyna Systems

Amyna has developed an IoT cybersecurity platform that prevents malignant attacks, helping users to protect themselves from cyberattacks.

Knowit

Knowit

Knowit support customers in the digital transformation, simplify people’s everyday lives and create secure and innovative solutions enabling a sustainable future.

QPoint Technologies

QPoint Technologies

QPoint provides solutions and consulting in areas including software engineering, testing, cybersecurity, ICT, web, mobile, project management, and complex integration processes.

Health Sector Cybersecurity Coordination Center (HC3)

Health Sector Cybersecurity Coordination Center (HC3)

HC3 was created by the US Department of Health and Human Services to aid in the protection of vital, controlled, healthcare-related information.