The COVID-19 pandemic impacted individuals and businesses all over the world in so many ways. Practically overnight, it changed the way people went about their daily routines and how companies operated. Amidst all the chaos, changes to the cyber landscape increased at an extraordinary rate.
The COVID-19 pandemic impacted individuals and businesses allover the world in so many ways. Practically overnight, it changed the way people went about their daily routines and how companies operated. Amidst all the chaos, changes to the cyber landscape increased at an extraordinary rate. Some of the trends that fueled these changes and continue to power them are:
1. Increased Use of Internet of Things (IoT)
· About 56 federal agencies in the U.S. reported using Internet of Things (IoT) technologies.
· In 2021, experts expect the number of connected devices to reach 10.07 billion!
2. Rapid Movement to the Cloud
· Global public cloud end-user usage is expected to grow by over 18% in 2021.
3. Digital Transformation
· IT spending is expected to hit $3.9 trillion in 2021.
· Spending on digital technologies increased from $1 trillion in 2018 to $2.39 trillion in 2021.
4. The Work-From-Home Model
· Over 70% of all departments and teams are expected to have remote workers by 2028.
With an expanding attack surface comes increased cybercrime. According to an FBI report, cyberattacks have skyrocketed by over 300% since the start of the pandemic, making it even more important to identify and deflate cyberthreats to protect the health and future of your business.
1. Targeted Ransomware Attacks
Ransomware attacks have been a nuisance to businesses for a long time. Experts have estimated that about 10%of breaches reported in 2021, thus far, involved ransomware. The success of this type of cyberattack is attributed to the simplicity and speed that an attacker can wreak havoc. It should also be worrisome to everyone that Ransomware Kits are available, and inexpensively, on the dark web!
Ransomware creators are constantly devising new plans to bypass the defenses set in place by businesses. Without precautionary measures in place, SMBs could find themselves at risk.
2. Phishing Attacks
Phishing attacks use social engineering attempts in email and cloud services attacks. Phishing attacks can lead to total account control and takeover, credential theft and so much more. According to one report, phishing attacks increased by 11% in 2021 alone!
Cybercriminals using phishing scams as their method of attack have been cunning enough to tilt every global event to their advantage. For example, when the pandemic initially began, phishing emails were sent out all over the world in the name of the World Health Organization (WHO). Later, when vaccines were rolled out, scam emails would have a vaccine company’s name as the sender.
3. Insider Threats
Shockingly, close to 20% of breaches involve internal actors. The problem with insider threats is that they’re often the toughest to detect.
The most common causes of inside incidents are:
· Negligent employees or hired help – 62%
· Criminal or malicious insiders – 23%
· Credential theft – 14%
4. Fileless Attacks
A fileless attack aims to exploit the features and tools of a victim’s environment. It doesn’t depend on file-dependent payloads or generate a new file. This leaves no footprint and makes fileless attacks very hard to detect. A fileless attack is reported to be10 times more successful than a file-based attack.
Fileless attacks can originate through an email that directs you to a malicious website. From there, using social engineering techniques, the cybercriminal can use system tools to distribute payloads and execute commands. Since these system tools are part of your IT environment, the threat can evade outdated security systems!
You can ramp up your IT security and protect your business by following the steps below:
· Keep your systems updated and safe from cyberattacks that exploit known software vulnerabilities by automating patch and vulnerability management.
· Ensure effective and quick recovery from cyber disruption by backing up your systems and SaaS applications.
· Secure your systems by deploying advanced antivirus and antimalware solutions that provide endpoint detection and response (EDR).
· Make sure every new device has the necessary security tools to start with — local firewall, DNS filtering, malware protection, multifactor authentication (MFA) and disk encryption.
· Always be ready with an incident response plan! No breach can shake you if you have a robust action plan. The plan should have a communication strategy with all stakeholders, including your investors and valued customers.
· Provider regular security training to your employees and vendors.
If thinking about assessing your current cybersecurity posture gives you anxiety and you’re not sure where to start, don’t worry. We can take the assessment off your plate and suggest the right solutions for your business. An experienced partner like Tekie Geek can make your cybersecurity journey seamless and successful. Contact us today for your cybersecurity assessment!