Sustained Cyber Attacks Are The New Normal

Uploaded on 2020-02-24 in NEWS-Cybersecurity News, FREE TO VIEW

With ransomware and other cyber attacks being at the forefront of the headlines in 2019, cybersecurity in 2020 is becoming an ever more pressing concern for organisation. 

Some businesses appear to be adjusting to the ‘new normal’ of sustained cyberattacks, but  there is much more to be done to protect your organisation.

This year began badly with geopolitical tension between the US and Iran, which set in motion, with the prospect that Iran would respond to this tension with a series of cyber-strikes. 

To date, Iran has developed destructive malware over the years and now has the capacity to destroy the integrity of data and systems. It has the technical acumen to conduct attacks against the West across numerous sectors, including energy, financial services, and critical national infrastructure, which is a reality that organisations need to be prepared for, bolstering their systems to defend against potential cyberattacks.

Even before this recent aggression, analysts foresaw that geopolitical tension and domestic terrorism would continue to manifest in cyberspace, ushering in an era of destructive attacks that could, be used to influence the 2020 US elections.  

In general, outside of geopolitical conflict and terrorism, malware continues to be a major threat.  In fact, it was the most prolific type of cyberattack UK businesses experienced in 2019, according to a recent  UK Threat Report from the experts at ITProPortal who found that 21 per cent reported seeing custom malware attacks most frequently and 10 per cent cited commodity malware. Altogether, 31 per cent of businesses reported malware to be the most witnessed attack type.

The Rise of Cloud-Jacking
ITProPortal conducted research to understand the challenges and issues facing UK businesses when it comes to escalating cyberattacks.  Its purpose is to identify trends in hacking and malicious attacks and the financial and reputational impact any breaches have had on organisations. 

The research found that humans are proving to be the weakest link in the cyber-defence chain.  Phishing attacks were the primary cause of attacks that resulted in a breach, with a third (33 per cent) of respondents affected.  Ransomware took second place with 20 per cent of businesses citing this as the primary cause.

ITProPortal forsee cloud-jacking and subsequent island hopping will become a more common practice in 2020 as attackers look to leverage an organisation’s infrastructure and brand against itself.

There will be a lot more cloud-jacking and island hopping via public cloud. They also predict an increase in mobile root kits, allowing hackers to gain full control over a victim’s device. These are rootkits that will give hackers control over other people’s mobile devices and allow them to manifest in the physical setting, like leveraging proximity settings on microphone, camera, location once they are in the device.  

Age of Cyber-Warfare
Greater awareness of external threats and risks have also prompted businesses to become more proactive about managing cyber-risks.  A survey carried out by UK cyber security firm Comtact  found that companies are tightening up on factors that they can control such as process weaknesses and, while 84 per cent reported being breached in the past 12 months and 90 per cent saw an increase in attack sophistication, 76 per cent of companies said they are more confident that they can repel cyberattacks today than they were a year ago.   

This is largely because cyber threat hunting is reaping benefits as teams identify threats that would previously have gone undetected.  

An increased level of investment with 93 per cent planning to increase their spending on cybersecurity which demonstrates that cybersecurity is maturing, and businesses are beginning to prioritise it effectively and right now, CEOs should be meeting with their CISOs to understand the vulnerabilities in their systems, asking them “do we have visibility across all of our devices? 

Cyber Security Actions
To combat cyber threats, organisations need the right people, processes and tools to secure your systems and data. All three need to work together for this to work. Hackers look for easy ways to break in to networks and weak passwords are a major vulnerabilty. Likewise, phishing is a major risk and organisations can reduce their risk with a cyber security improvement and employee training programmes that  your business.

The first step is to make sure your people know the basics of phishing scams, how ransomware infiltrates an organisation and how to protect themselves from email fraud.

Decison-makers need to identify their organisation's most critical vulnerabilities and address the biggest threats and types of infiltration most likely to affect their organisation.  This means developing an inventory on direct and indirect communications systems and hardware. It also means making your users aware of the vulnerabilities they themselves create, like choosing a weak password. 

If despite your best efforts, ransomware or a data breach manages to break through your systems and processes, you need to have a Major Incident plan that minimises downtime and wider business impact.


For more Information and advices please contact Cyber Security Intelligence.

ITProPortal:           ITProPortal:                 Comtact

You Might Also Read: 

The Scope Of A Cyber Security Audit:

Employee Training Is Vital For Commercial Cybersecurity:

 

 

 

« Cyber Security Salaries Rise As IT Breaches Increase
Canada's Government Breaks The Rules »

ManageEngine
CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

SABSACourses

SABSACourses

SABSA is a development process used for solving complex problems such as IT Operations, Risk Management, Compliance & Audit functions.

Packet Storm

Packet Storm

Packet Storm is an online resource for security tools, whitepapers, exploits, and advisories on computer security issues.

Planit Testing

Planit Testing

Planit is a leader in Quality Assurance and a specialist in software testing and training services.

BaseN

BaseN

BaseN is a full stack IoT Operator. We control the full value chain in order to provide ultimate scalability, fault tolerance and security to our customers.

Military Cyber Professionals Association (MCPA)

Military Cyber Professionals Association (MCPA)

MCPA are a team of Soldiers, Sailors, Airmen, Marines, Veterans and others interested in the development of the American military cyber profession.

BlueVoyant

BlueVoyant

BlueVoyant's Cyber Defense Platform is security operations platform that provides real-time threat monitoring for networks, endpoints, and supply chains.

HCL Technologies

HCL Technologies

HCL offer an integrated portfolio of products, solutions and services built around Digital, IoT, Cloud, Automation, Cybersecurity, Analytics, Infrastructure Management and Engineering Services.

Xperien

Xperien

Xperien is a leading South African Information Technology Asset Disposition (ITAD) company.

Specops Software

Specops Software

Specops Software is a leading password management and authentication solution vendor.

Zercurity

Zercurity

Zercurity is on a mission to build the ultimate cybersecurity operations platform for businesses. To help protect against a growing number of internal and external threats.

SecureData

SecureData

SecureData provide professional data recovery services, digital forensics, data recovery software and FIPS 140-2 Level 3 Validated hardware encrypted drives.

HEQA Security

HEQA Security

HEQA Security (formerly QuantLR) offer the world’s most cost-effective, easy-to-integrate, and secure Quantum Key Distribution (QKD) solution

Acrisure

Acrisure

Acrisure is powered by the best of human and high-tech and offers insurance, reinsurance, real estate, cyber and more solutions to millions of clients around the world.

Ostrich Cyber-Risk

Ostrich Cyber-Risk

Ostrich Cyber-Risk is a risk management company that helps organizations reduce the complexity of identifying financial and operational risks related to your cybersecurity posture.

Strategic Technology Solutions (STS)

Strategic Technology Solutions (STS)

Strategic Technology Solutions specialize in providing Cybersecurity and Managed IT Services to the legal industry.

AirMDR

AirMDR

Designed by experts, AirMDR solutions cater to the unique demands of security operations centers.