What did you understand about the recent cyber attacks that have sown panic in France and Italy? Beyond the technical aspects, it is worth considering the general picture: cybercrime is growing in quantity and quality.
And its growth is accelerating, too. The rise of cloud systems, a workforce that is beginning to work remotely, increasingly advanced social engineering techniques: “attackers” have more and more weapons.
How do we fight them?
Cyber security professionals are tasked with dealing with more and more threats. Not only that, they must also multiply their efforts to educate and raise awareness: a share of cyberattacks depends on how we test the security of our computers.
Here are the top five cyberthreats doing damage today, and how security teams can prevent cyberattackers from breaching critical business data.
The number one enemy in the field of cyber attacks: you
According to the Open Web Application Security Project (OWASP) 2021 report, poor access management is classified as the main threat: in 2017 it was “only” in fifth place. And it makes sense, if you think about it: the simplest thing for an attacker is not to "break into" a system, but to take advantage of those who leave doors open. And God only knows how much time we waste changing passwords and resetting them. And, above all, forgetting them. If you don't believe us, check out this survey by ExpressVPN, which explains it very clearly.
Every employee's access represents a potential risk to the security of company data. Managers must carry out rigorous data authorization checks, constantly monitoring whether the information is in the right hands. Solution: the "Zero trust" philosophy is not just a catchphrase, but represents the most appropriate method to protect yourself from cyber attacks.
Phishing and social engineering fraud
Phishing scams are a popular form of social engineering cyber attack. Criminals exploit users' emotions, such as fear and sense of urgency, to steal information and money. Among the most popular: requests for donations on fake websites, requests to change login credentials for banks or streaming services. Other effective "tricks" include fake courier delivery information or fake requests from bosses and colleagues.
A recent Abnormal Security report on email threats showed that from January to June 2022, the phenomenon increased by a staggering 48%. Literally millions of these emails rain down, and someone always takes the bait. Solution: Dramatically enhance cybersecurity education.
Lack of suitable professionals
The talent shortage among security professionals is weakening companies, which are too often unaware of the danger. Laying off members of the security team backfires badly, leaving the field wide open for those who carry out cyber attacks.
Solution (partial): automation becomes crucial to compensate for staff shortages. There are tools that help you carry out faster and more targeted security tests, proactively identifying gaps: they won't completely close them, but at least they won't leave you completely exposed.
Internet of things
The Internet of Things (IoT), which multiplies connectivity and data exchange, represents new territory for cybercriminals seeking to access private information. The IoT is intrinsically linked to our personal lives and encompasses a wide range of devices, from our household appliances to industrial machinery, and even sensitive medical and personal data.
Solution: Constantly updating software and firmware is essential to prevent cyber attacks and fix vulnerabilities. Protecting systems and devices with complex and regularly changed passwords helps avoid default settings, which are fertile ground for Distributed Denial of Service (DDoS) attacks.
Password protection isn't foolproof, of course, but it can help a lot.
However, with EU legislation already proposing strict mandates for cybersecurity by 2024, countries abroad are also scrambling to comply. It's only a matter of time before the US orders IoT companies to strengthen their cybersecurity. Maybe (I'm not sure) things will get better.
Cyber attacks with Ransomware as a service
Pay-per-use malware, better known as ransomware-as-a-service (RaaS), is a growing threat among organized cyber crime gangs. To give you an example: last year Vice Society, a cybercriminal group, attacked an entire school district in Los Angeles by locking down systems and demanding ransoms.
The authorities refused to pay, at which point the “cyber criminals” leaked 500 GB of private student and faculty data. According to a recent Sophos study, the average cost to recover from a ransomware attack in 2021 was $1.4 million, a price most companies and organizations simply cannot afford.
Solution: The best way to strengthen the security infrastructure of organizations and companies, and prevent ransomware cyber attacks, is to continuously test, monitor and implement collaborations with ethical hackers.
A future of cyber attacks?
Cyberattack news headlines are rampant, and the severity of attacks continues to escalate.
And that is a positive: awareness of the problem will become more and more widespread, and that's a good thing, because it's up to each individual to strengthen their own computer security through knowledge and training. As technology continues to develop, cybersecurity threats will infiltrate new mediums.
Knowledge is power: arm yourself.