What did you understand about the recent cyber attacks that have sown panic in France and Italy? Beyond the technical aspects, it is worth considering the general picture: cybercrime is growing in quantity and quality.
And its growth accelerates, too. The rise of cloud systems, a workforce starting to perform tasks remotely, increasingly advanced social engineering techniques: the "attackers" have more and more weapons.
How do we fight them?
Cyber security professionals are tasked with dealing with more and more threats. Not only that, they must also multiply their efforts to educate and raise awareness: a part of cyberattacks depends on how we test the security of our computers.
Here are the top five cyberthreats doing damage today, and how security teams can prevent cyberattackers from breaching critical business data.
1 The number one enemy in the field of cyber attacks: you
Second the Open Web Application Security Project (OWASP) 2021 report, wrong access management it is ranked as the top threat: in 2017 it was "only" in fifth place. And it makes sense, if you think about it: the simplest thing for an attacker is not to "break into" a system, but to take advantage of those who leave the doors open. And God only knows how much time we waste changing passwords, resetting them. Especially to forget them. If you don't believe us, check this out survey by ExpressVPN which explains it very clearly.
The access of every employee of a company represents a potential risk for the security of corporate data. Managers must carry out stringent data authorization controls, constantly monitoring whether the information is in the right hands. Solution: the philosophy of "Zero trust" is not just a sentence of circumstance, but represents the most appropriate method to protect yourself from cyber attacks.
2 Phishing and social engineering fraud
Phishing is a popular form of socially engineered cyberattacks. Criminals exploit users' emotions, such as fear and a sense of urgency, to steal information and money. Among the most popular: requests for donations on fake websites, requests to change access credentials to banks or streaming services. Other effective "tricks" are fake courier delivery information or fake requests from bosses and colleagues.
A recent Abnormal Security report on email threats showed that from January to June 2022, the phenomenon increased by a staggering 48%. Literally millions of these emails rain down, and someone always takes the bait. Solution: Dramatically enhance cybersecurity education.
3 Lack of suitable professionals
The talent shortage among security professionals is weakening companies, which are too often unaware of the danger. The dismissals of members of the security team are real boomerangs, leaving real prairies for those who carry out cyber attacks.
Solution (partial): automation becomes crucial to compensate for manpower shortages. There are tools that help you perform faster, more focused security testing by proactively identifying gaps—they won't fully fix them, but at least they won't leave them completely uncovered.
4 Internet of things
The Internet of Things (IoT) that multiplies connectivity and data exchange represents new territory for cybercriminals seeking access to private information. The IoT is intrinsically linked to our personal lives and encompasses a huge range of devices, from our home appliances to industrial machinery. Even sensitive medical and personal data.
Solution: constant updating of software and firmware is essential to prevent cyber attacks and fix vulnerabilities. Protecting systems and devices with strong and regularly changed passwords helps avoid default settings, which are easy grounds for Distributed Denial of Service (DDoS) attacks.
Password protection isn't foolproof, of course, but it can help a lot.
Either way, with EU legislation already proposing tough mandates for cybersecurity by 2024, overseas too are scrambling to comply with the regulations. It's only a matter of time before the US orders companies working in the IoT field to strengthen their cybersecurity. Maybe (I'm not sure) then things will improve.
5 Cyber attacks with Ransomware as a service
Pay-per-use malware, better known as ransomeware-as-a-service (RaaS), is a growing threat in organized cyber crime gangs. To give you an example: last year Vice Society, a cybercriminal group, attacked an entire school district in Los Angeles by locking down systems and demanding ransoms.
The authorities refused to pay, at which point the "cyber criminals" leaked 500 GB of private student and faculty data. Second a recent study of Sophos, the average cost to recover from a ransomware attack in 2021 was $1,4 million, a price most companies and organizations simply cannot afford.
Solution: the best way to strengthen the security infrastructure of organizations and companies, and prevent ransomware cyber attacks is to continuously test, monitor and implement partnerships with ethical hackers.
A future of cyber attacks?
Cyberattack news headlines are rampant, and the severity of attacks continues to escalate.
And it's a positive: awareness of the problem will be more and more mass, and that's a good thing, because it's up to each individual to strengthen his own computer security through knowledge and training. As technology continues to develop, cybersecurity threats will infiltrate new mediums.
Knowledge is power: arm yourself.
