Sustained Cyber Attacks Are The New Normal

Uploaded on 2020-02-24 in NEWS-Cybersecurity News, FREE TO VIEW

With ransomware and other cyber attacks being at the forefront of the headlines in 2019, cybersecurity in 2020 is becoming an ever more pressing concern for organisation. 

Some businesses appear to be adjusting to the ‘new normal’ of sustained cyberattacks, but  there is much more to be done to protect your organisation.

This year began badly with geopolitical tension between the US and Iran, which set in motion, with the prospect that Iran would respond to this tension with a series of cyber-strikes. 

To date, Iran has developed destructive malware over the years and now has the capacity to destroy the integrity of data and systems. It has the technical acumen to conduct attacks against the West across numerous sectors, including energy, financial services, and critical national infrastructure, which is a reality that organisations need to be prepared for, bolstering their systems to defend against potential cyberattacks.

Even before this recent aggression, analysts foresaw that geopolitical tension and domestic terrorism would continue to manifest in cyberspace, ushering in an era of destructive attacks that could, be used to influence the 2020 US elections.  

In general, outside of geopolitical conflict and terrorism, malware continues to be a major threat.  In fact, it was the most prolific type of cyberattack UK businesses experienced in 2019, according to a recent  UK Threat Report from the experts at ITProPortal who found that 21 per cent reported seeing custom malware attacks most frequently and 10 per cent cited commodity malware. Altogether, 31 per cent of businesses reported malware to be the most witnessed attack type.

The Rise of Cloud-Jacking
ITProPortal conducted research to understand the challenges and issues facing UK businesses when it comes to escalating cyberattacks.  Its purpose is to identify trends in hacking and malicious attacks and the financial and reputational impact any breaches have had on organisations. 

The research found that humans are proving to be the weakest link in the cyber-defence chain.  Phishing attacks were the primary cause of attacks that resulted in a breach, with a third (33 per cent) of respondents affected.  Ransomware took second place with 20 per cent of businesses citing this as the primary cause.

ITProPortal forsee cloud-jacking and subsequent island hopping will become a more common practice in 2020 as attackers look to leverage an organisation’s infrastructure and brand against itself.

There will be a lot more cloud-jacking and island hopping via public cloud. They also predict an increase in mobile root kits, allowing hackers to gain full control over a victim’s device. These are rootkits that will give hackers control over other people’s mobile devices and allow them to manifest in the physical setting, like leveraging proximity settings on microphone, camera, location once they are in the device.  

Age of Cyber-Warfare
Greater awareness of external threats and risks have also prompted businesses to become more proactive about managing cyber-risks.  A survey carried out by UK cyber security firm Comtact  found that companies are tightening up on factors that they can control such as process weaknesses and, while 84 per cent reported being breached in the past 12 months and 90 per cent saw an increase in attack sophistication, 76 per cent of companies said they are more confident that they can repel cyberattacks today than they were a year ago.   

This is largely because cyber threat hunting is reaping benefits as teams identify threats that would previously have gone undetected.  

An increased level of investment with 93 per cent planning to increase their spending on cybersecurity which demonstrates that cybersecurity is maturing, and businesses are beginning to prioritise it effectively and right now, CEOs should be meeting with their CISOs to understand the vulnerabilities in their systems, asking them “do we have visibility across all of our devices? 

Cyber Security Actions
To combat cyber threats, organisations need the right people, processes and tools to secure your systems and data. All three need to work together for this to work. Hackers look for easy ways to break in to networks and weak passwords are a major vulnerabilty. Likewise, phishing is a major risk and organisations can reduce their risk with a cyber security improvement and employee training programmes that  your business.

The first step is to make sure your people know the basics of phishing scams, how ransomware infiltrates an organisation and how to protect themselves from email fraud.

Decison-makers need to identify their organisation's most critical vulnerabilities and address the biggest threats and types of infiltration most likely to affect their organisation.  This means developing an inventory on direct and indirect communications systems and hardware. It also means making your users aware of the vulnerabilities they themselves create, like choosing a weak password. 

If despite your best efforts, ransomware or a data breach manages to break through your systems and processes, you need to have a Major Incident plan that minimises downtime and wider business impact.


For more Information and advices please contact Cyber Security Intelligence.

ITProPortal:           ITProPortal:                 Comtact

You Might Also Read: 

The Scope Of A Cyber Security Audit:

Employee Training Is Vital For Commercial Cybersecurity:

 

 

 

« Cyber Security Salaries Rise As IT Breaches Increase
Canada's Government Breaks The Rules »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Digital Defense Inc (DDI)

Digital Defense Inc (DDI)

DDI offers vulnerability scanning, penetration testing, web application testing, social engineering and additional security assessments.

Telspace Systems

Telspace Systems

Telspace Systems provides penetration testing, vulnerability assessment and training services.

SEC Consult

SEC Consult

SEC Consult is a leading European consultancy for application security services and information security.

Cyber Defense Networking Solutions (CDNS)

Cyber Defense Networking Solutions (CDNS)

CDNS is a global network infrastructure provider whose platforms are engineered for security, optimized for speed and designed for resiliency.

Udacity

Udacity

Udacity's mission is to train the world’s workforce in the careers of the future. Our programs range from beginner to expert levels and deliver the hands-on skills for real-world expertise.

Techstep

Techstep

Techstep is a complete mobile technology enabler, making positive changes to the world of work; freeing people to work more effectively, securely and sustainably.

Rhymetec

Rhymetec

Rhymetec are an industry leader in cloud security, providing innovative cybersecurity and data privacy services to the modern-day SaaS business.

Avalor

Avalor

Avalor are on a mission to help security teams make faster, more accurate decisions by making sense of their data. With Avalor you can bring in data from anywhere, normalize it and analyze it.

Silent Push

Silent Push

Silent Push maps all internet-facing infrastructure with searchable, advanced attributes, generating early indicators of potential threats that are tailored to your environment.

Zeus Cloud

Zeus Cloud

Zeus Cloud provide clients with world-class web hosting services to businesses both big and small.

ABPGroup

ABPGroup

ABPGroup is Asia’s leading cybersecurity technology provider focusing on providing best-of-breed solutions that address today’s pressing challenges.

SureCloud Cyber Services

SureCloud Cyber Services

Our Cyber Testing capability has been honed since we were founded in 2006 as a disrupter in the penetration testing market.

Iron EagleX

Iron EagleX

Iron EagleX deliver engineering solutions in cloud computing, big data, cyber, and machine learning technologies to US Government customers.

Gathid

Gathid

Gathid is a unique and versatile identity governance platform providing organizations with the ability to model, explore, audit, and track complex access-related scenarios.

Black Belt Secure

Black Belt Secure

We provide critical cybersecurity services such as managed security, ransomware mitigation, penetration testing, system auditing and compliance services to your organization.

NST Cyber

NST Cyber

NST Cyber provides comprehensive Threat Exposure Management to Global banks and Forbes 2000 companies.