Sustained Cyber Attacks Are The New Normal

With ransomware and other cyber attacks being at the forefront of the headlines in 2019, cybersecurity in 2020 is becoming an ever more pressing concern for organisation. 

Some businesses appear to be adjusting to the ‘new normal’ of sustained cyberattacks, but  there is much more to be done to protect your organisation.

This year began badly with geopolitical tension between the US and Iran, which set in motion, with the prospect that Iran would respond to this tension with a series of cyber-strikes. 

To date, Iran has developed destructive malware over the years and now has the capacity to destroy the integrity of data and systems. It has the technical acumen to conduct attacks against the West across numerous sectors, including energy, financial services, and critical national infrastructure, which is a reality that organisations need to be prepared for, bolstering their systems to defend against potential cyberattacks.

Even before this recent aggression, analysts foresaw that geopolitical tension and domestic terrorism would continue to manifest in cyberspace, ushering in an era of destructive attacks that could, be used to influence the 2020 US elections.  

In general, outside of geopolitical conflict and terrorism, malware continues to be a major threat.  In fact, it was the most prolific type of cyberattack UK businesses experienced in 2019, according to a recent  UK Threat Report from the experts at ITProPortal who found that 21 per cent reported seeing custom malware attacks most frequently and 10 per cent cited commodity malware. Altogether, 31 per cent of businesses reported malware to be the most witnessed attack type.

The Rise of Cloud-Jacking
ITProPortal conducted research to understand the challenges and issues facing UK businesses when it comes to escalating cyberattacks.  Its purpose is to identify trends in hacking and malicious attacks and the financial and reputational impact any breaches have had on organisations. 

The research found that humans are proving to be the weakest link in the cyber-defence chain.  Phishing attacks were the primary cause of attacks that resulted in a breach, with a third (33 per cent) of respondents affected.  Ransomware took second place with 20 per cent of businesses citing this as the primary cause.

ITProPortal forsee cloud-jacking and subsequent island hopping will become a more common practice in 2020 as attackers look to leverage an organisation’s infrastructure and brand against itself.

There will be a lot more cloud-jacking and island hopping via public cloud. They also predict an increase in mobile root kits, allowing hackers to gain full control over a victim’s device. These are rootkits that will give hackers control over other people’s mobile devices and allow them to manifest in the physical setting, like leveraging proximity settings on microphone, camera, location once they are in the device.  

Age of Cyber-Warfare
Greater awareness of external threats and risks have also prompted businesses to become more proactive about managing cyber-risks.  A survey carried out by UK cyber security firm Comtact  found that companies are tightening up on factors that they can control such as process weaknesses and, while 84 per cent reported being breached in the past 12 months and 90 per cent saw an increase in attack sophistication, 76 per cent of companies said they are more confident that they can repel cyberattacks today than they were a year ago.   

This is largely because cyber threat hunting is reaping benefits as teams identify threats that would previously have gone undetected.  

An increased level of investment with 93 per cent planning to increase their spending on cybersecurity which demonstrates that cybersecurity is maturing, and businesses are beginning to prioritise it effectively and right now, CEOs should be meeting with their CISOs to understand the vulnerabilities in their systems, asking them “do we have visibility across all of our devices? 

Cyber Security Actions
To combat cyber threats, organisations need the right people, processes and tools to secure your systems and data. All three need to work together for this to work. Hackers look for easy ways to break in to networks and weak passwords are a major vulnerabilty. Likewise, phishing is a major risk and organisations can reduce their risk with a cyber security improvement and employee training programmes that  your business.

The first step is to make sure your people know the basics of phishing scams, how ransomware infiltrates an organisation and how to protect themselves from email fraud.

Decison-makers need to identify their organisation's most critical vulnerabilities and address the biggest threats and types of infiltration most likely to affect their organisation.  This means developing an inventory on direct and indirect communications systems and hardware. It also means making your users aware of the vulnerabilities they themselves create, like choosing a weak password. 

If despite your best efforts, ransomware or a data breach manages to break through your systems and processes, you need to have a Major Incident plan that minimises downtime and wider business impact.


For more Information and advices please contact Cyber Security Intelligence.

ITProPortal:           ITProPortal:                 Comtact

You Might Also Read: 

The Scope Of A Cyber Security Audit:

Employee Training Is Vital For Commercial Cybersecurity:

 

 

 

« Cyber Security Salaries Rise As IT Breaches Increase
Canada's Government Breaks The Rules »

CyberSecurity Jobsite
Check Point

Directory of Suppliers

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 8,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

TrustedIA

TrustedIA

TrustedIA is a cyber and protective security company. Our mission is to help businesses protect themselves from disruptive events that can impact their successful operation.

SSH Communications Security

SSH Communications Security

SSH Communications Security is a leading provider of enterprise cybersecurity solutions for controlling trusted access to information systems and data.

InfoSec World

InfoSec World

InfoSec World conference and expo covers all aspects of information security with a broad agenda of sessions on key security issues.

Independent Security Evaluators (ISE)

Independent Security Evaluators (ISE)

ISE is an independent security consulting firm headquartered in Baltimore, Maryland dedicated to securing high value assets for global enterprises and performing groundbreaking security research.

Truepic

Truepic

Truepic provides technologies that prevent fraud, identity theft, misinformation, and disinformation caused by generative, manipulated, or deepfake digital content.

Herbert Smith Freehills

Herbert Smith Freehills

Herbert Smith Freehills is a leading professional services including data protection and privacy.

IBA Security

IBA Security

IBA Security is a center of competence consolidating the cybersecurity expertise of the IBA Group.

Simply Hired

Simply Hired

Simply Hired is a job search engine that collects job listings from all over the web, including company career pages, job boards and niche job websites.

Albania Lab

Albania Lab

Albania Lab is a consulting company focused on the development and delivery of digital solutions and IT services including cybersecurity.

Spotit

Spotit

Spotit offers a wide-ranging portfolio of technologies and services, from consultancy, assessments and pentesting to the set up of completely new security and network infrastructures.

iVision

iVision

iVision is a technology integration and management firm that engineers success for clients through objective recommendations, process and technology expertise and best-of-breed guidance.

Veriti

Veriti

Veriti is a unified security posture management platform that integrates with your security solutions and proactively identifies and remediates potential risks and misconfigurations.

Memcyco

Memcyco

Memcyco is a provider of cutting-edge digital trust technologies to empower brands in combating online brand impersonation fraud, and preventing fraud damages to businesses and their clients.

Levio

Levio

Levio is a digital native business and technology consulting firm. As a true partner from start to finish, our goal is a long-lasting transformation that’s right for your business model.

CyberForce Global

CyberForce Global

CyberForce Global are at the forefront of start-up technology recruitment in areas including cybersecurity, IT infrastructure, software, fintech, blockchain and more.

7AI

7AI

7AI is the first agentic security platform that harnesses the speed, swarming capabilities, and power of AI to finally give defenders the advantage over evolving threats.