A majority of savvy businesses have come to the realisation that cybersecurity is now an accepted part of their daily routine. It comes as no surprise that threat actors continue to try to overcome every barrier and in doing so, they are developing more sophisticated technology methods. As the global community battles the fallout from the pandemic on one side, cyber criminals beef up their attacks on the other side; creating a landscape that often feels like “whack-a-mole” for every IT Department. The good news is that recognising the dangers empower a business to bring cyber professionals onboard to address the ever changing cyber landscape. A few top areas to pay attention to include:
Attacks via Third Party/Supply Chain
Almost every business interacts with third party vendors and many of these are supply chains. While these may be long term relationships, the priority must be placed on continued vetting to encourage the trust that is required. Quite a few of the more recent corporate hacks have occurred due to weaknesses in third party partnerships, which in turn, has wreaked havoc on all that were involved. Just one Java-based Apache Log4j library defect cause a cascading affect to allow cybercriminals to launch attacks for the control of the systems they targeted. Establish best practice routines for all partners and vendors to ensure that all software and access points are encrypted and protected.
The New Remote Environment
COVID-19 created a completely new workforce with some working remotely and others in a hybrid workforce condition. Knowing that companies were not set up for secure remote access on such a scale, threat actors took advantage of this almost overnight emergency situation. Organisations are balancing both remote and in-office staff with a high demand for network security to work in tandem for each condition. The requirement for high level risk assessment from cyber security professionals is now a priority to ensure the safety of proprietary data. This practice needs to be incorporated as ongoing to maintain security against the ever changing cybercriminal methods of attack.
Ransomware and Phishing Continues with a Vengeance
Threat actors took full advantage in 2020 in ransomware attacks as they increased 148%. By 2021 ransomware attacks represented 21% of cyber breaches. Ransomware depends on human error of clicking on infected websites or downloading infected files so that staff may not even realise that they have opened the door for locking a network so that the criminals can demand a ransom payment for the decryption code. Phishing represents about 25% of cyber attacks and involves tricking employees to reveal sensitive information such as passwords, credit cards, etc. Training employees to know what to look for in protecting against ransomware and phishing is the most effective way to deter these criminals. While many of these criminals have focused on public services, private companies represent a goldmine of data for their activities and every business needs to be alert and take high level precautions.
“Every company needs to focus on the success of their business and just one system breach can be devastating to an organisation. DaVinci Cybersecurity maintains up-to-date information on the methods that cybercriminals use, work with IT Departments for risk analysis, and train staff on the ways to protect themselves and the company. Our team considers ourselves to be an integral partner to help to ensure your protection.”
Sharon Knowles, CEO DaVinci Cybersecurity