Cyber risks are ever increasing in the Covid-19 era. Whilst businesses quickly scrambled to support an overnight shift to work-from-home, the cyber attack surface rapidly expanded as employees were granted remote access to data and applications. This, along with a spate of high-profile breaches, has resulted in cyber security shooting up the boardroom priority list for most organisations.
The nature of cyber crime means that it’s rare that the cyber criminals are caught, with businesses often left handling the fallout when a data breach or attack impacts them or their customers. Even with insurance in place, it is ultimately the business that is blamed for negligence and legally culpable if an attack causes damage – financial or otherwise – due to poor cyber resilience planning.
The recent Emotet take down is one of a few examples where the criminals were found and action was taken by law enforcement. But when you consider the scale of global cyber crime this really is a drop in the ocean.
The next wave of cyber adversaries, and how to protect against them
The changing nature of attacks
Covid-19 has seen cyber criminals working overtime to take advantage of individuals and businesses amid the transition to a mostly online lifestyle – and nobody is safe, with more than 70% of cyber attacks now targeting small businesses.
Hackers are increasingly targeting SMBs as, to them, it’s easy money: the smaller the business is, the less likely it is to have adequate cyber defences. Even larger SMBs typically don’t have the budgets or resources for dedicated security teams or state-of-the-art threat prevention or protection.
Ransomware, for instance, is one of the biggest threats companies are facing today. While we saw the volume of ransomware attacks decline last year, this was only because ransomware has become more targeted, better implemented, and much more ruthless, with criminals specifically targeting higher value and weaker targets.
One of the most interesting – and concerning – findings from our report, “The Hidden Cost of Malware”, was that the businesses had become preferred targets because they can and will pay more to get their data back. About of quarter of companies in our survey were asked to pay between $11,000 and $50,000, and almost 35% were asked to pay between $51,000 and $100,000.
In fact, ransomware has become so lucrative and popular that it’s now available as a “starter kit” on the dark web. This now means that novice cyber criminals can build automated campaigns to target businesses of any size.
These individuals are operating in the field alongside ransomware cartels, who are becoming increasingly more deliberate in how they target victims to maximise profits. The groups that carry out these attacks have typically done recon on their targets to discover exactly how to breach them and which systems to encrypt to cause maximum disruption.
War of the AI algorithms: the next evolution of cyber attacks
All businesses need to be cyber resilient
For smaller businesses, tackling cyber security can seem a costly affair. However, getting the basics in place is key. Businesses need to focus on cyber hygiene, patching, controlling user access, two-factor authentication, firewalls, and security training.
A vital part of any organisation’s defence is employee education, which should be the bedrock of a security strategy. This begins with IT admins keeping the wider company updated and educated on the threat landscape.
Security awareness training should be implemented for staff from day one, ensuring that they are vigilant in scrutinising the types of emails they receive. This should then be underpinned by cyber security technology such as email filtering, anti-virus protection, and sensible password policies.
Be prepared for the worst-case scenario
To maintain their cyber resilience, all organisations need to ensure they have an incident response plan in place to ensure they are prepared for worst-case scenarios.
This involves creating a response team responsible for stopping attacks in their tracks, or mitigating risk, before communicating the incident and leading on any necessary recovery.
A comprehensive incident response plan should identify priority data and assets for recovery, and IT and security teams should also remember that they will not be able to ‘turn it all back on’ at once. The backup and recovery process should also be tested regularly to simulate real-life events.
Ultimately, anyone who believes their business or managed service provider (MSP) is below the level of being targeted by cyber attackers is naïve. Ransomware gangs and nation state attackers now go after all sorts of different companies, so it’s critical that all organisations remain vigilant and implement security and back-up policies to protect employees and assets wherever they are based.