The past two years have seen the rapid digitalisation of nearly every aspect of our lives.
Technology has infiltrated the way that we communicate, work, monitor our health and fitness, learn, shop and entertain.
While there are many advantages to having such devices and software to enable us to continue with our daily lives, it has brought about a surge in the number of cybersecurity breaches and scams being reported.
This wave of cybercrime has hit both individuals and businesses hard due to the perpetrators creating new sophisticated malware, identifying new techniques to avoid detection, and hijacking reputable software and brands as means to gain the trust of an increasingly cautious public in order to carry out successful scams.
By the end of the year, it is forecast that 6 trillion globally will be spent solely on tackling cybercrime!
As October is “Cybersecurity Awareness Month” this article is going to discuss the main cyber threat trends that we have witnessed over the past year and what businesses need to do to protect themselves moving forward.
1. Phishing in the Cloud
During 2021 the volume of Phishing emails and corrupted apps/sites hit an all-time high.
In the first three quarters of the year, 36 billion company records were exposed!
- 85% of breaches involved a human element
- 61% were due to stolen or compromised user credentials
- Social engineering was observed in over 35% of incidents
Based on the extensive reports and statistics published by leading cybersecurity bodies it was found at least a minimum of 36% of cyber breaches experienced by organisations worldwide was a result of individuals falling prey to phishing emails.
In a workplace context phishing scams usually involve an employee receiving an email that appears to be from a trusted source.
It might feature the hallmarks of a genuine email such as logos and signatures identical to the business or client.
The email will include a link or attachment which once clicked or opened, will redirect the recipient to another site where the login credentials will be harvested.
Alternatively the email might request a payment to be made to a fraudulent account to clear an outstanding invoice.
As you can see this method of obtaining credentials can be an effective way to gain access to a business or organisations’ I.T. system once executed properly.
Over time phishing emails have evolved from clearly identifiable spam to something more insidious which can cause businesses a lot of grief and expense.
When a cybercriminal has access to an Office 365 account they can read and send numerous convincing phishing emails to specific staff members. This is also referred to as BEC (Business Email Compromise).
One form of Phishing that has become popular is Cloud-phishing.
- First a phishing email is sent to the target with a link to a legitimate cloud hosting service.
- Once clicking on this link, the employee will find a fake invoice or document attachment.
- As the document is held within the Cloud, once clicked on will automatically open in the browser and not notify or alert the individual that they are being redirected to another page/site outside of the hosting service.
- The victim is unaware of this and will proceed to input their Office 365 credentials into the fraudulent login page that appears. It is at this point that their login details are stolen.
The reason why using this phishing tactic is successful is because using a legitimate Cloud service provides an element of credibility to the initial email. Also, the document looks like a standard MOS file that staff deal with on a daily basis so there are no obvious warning signs.
Usually, if a file containing a link to an external website or page is opened outside of the Cloud, applications such as Adobe will notify the user. However, in this scenario, the phishing email avoids raising suspicions.
Cloud Jacking or Cloud-hijacking is a term used in relation to a cyberattack in which a business’s Cloud account is accessed by an unauthorised party.
Similar to the previous topic discussed Cloud -jacking usually occurs when an Office 365 account has been compromised giving the cybercriminal or hacker the opportunity to sift through the wealth of information that is stored within the business’s Cloud and set about wreaking havoc as they wish.
Once a cybercriminal has access to the cloud, they may decide to lay low, observe and take notes on how best to exploit the business.
From this vantage point, numerous BEC or phishing emails can be sent, and payments can be made to clear fraudulent invoices.
Alternatively, they can delete, encrypt, and install malware. This scenario can have a crippling effect on businesses if they do not have a secure backup of their data elsewhere.
It is important to remember that saving documents to a standard Cloud platform is not backup.
Here documents can be deleted and edited so it is vital that businesses understand fully how to differentiate between both.
While these services are fully aware of the risks associated with their product and try to provide their customers with high levels of security it should never be assumed that these are the default settings on your account.
In fact, cybersecurity experts agree that it is the misconfiguration of those settings by users is that is the main cause of cloud account breaches.
Businesses should get an I.T. specialist to configure the settings on all of the software that is used across the board to ensure that the security level is high, reducing the risk of an external breach.
In order to protect against an internal attack staff training relating is essential, to minimise the chances of a successful phishing email causing a security scare. *(1) https://www.magnify247.com/cloud-jacking-keep-safe/
According to Gartner, 99% of cloud security incidents through 2025 will be the customer’s fault.*
3. Exploitation of Remote Working & Mobile Devices
Work is no longer confined to the office; advanced technology has enabled us to have more flexibility and conduct daily business on the move across multiple devices.
While there are advantages to having the option to work remotely, access files and emails while commuting or travelling there are drawbacks.
The most pressing concern is managing and maintaining a high level of security across an entire team of staff and the various devices on which they access the business’s I.T. system. Desktops, laptops, tablets, phones……the list grows!
In recent times there has been more of a need for businesses to establish a VPN. However, like all software VPNs have vulnerabilities that are ready to exploit.
In fact, 23,000 software vulnerabilities are reported each year! Many businesses have admitted that due to the rush to enable a more flexible workplace during Covid that they had not fully considered the risk posed by lack of robust I.T. policies and procedures for staff or not getting professional advice on how to manage their VPN network and connected devices safely.
It is always recommended to refer to an I.T. consultant when investing in your security as they can offer guidance as to what measures are required to ensure that software is configured correctly and all devices are being monitored and updated regularly.
There is no point in spending a large chunk of the budget on software and devices if their security settings are not fully optimised.
A systematic approach needs to be taken to reduce the chances of a breach. Staff must fully understand the implications of not following policies and procedures correctly through workplace awareness and training.
A study conducted by PWC found that employees — especially those of the millennial generation (51%) and generation Z (45%) admit to using applications and programs on their work devices that their employer has expressly prohibited.
Human error accounts for the main cause of a potential security breach there is no excuse for lax rules and misuse of devices.
The key steps to maintaining a safe network perimeter are:
- Avoid the use of personal devices for work
- Ensure that security settings on VPNs, cloud-based software, online accounts etc. are configured properly and maintained.
- Keep an up-to-date Back-up
- Use Multi-factor authentication where possible across business accounts
- Provide cybersecurity training to staff and implement strict policies & procedures
There is a growing market for Ransomware on the DarkWeb which has resulted in a significant increase in the number of reported cases of attacks made on businesses, especially those in sectors that hold a significant amount of confidential data.
Cybercriminals are not only encrypting I.T. systems and demanding payment but also threatening to release sensitive information which could fatally harm the business and expose clients’ data.
The threat of heavy GDPR fines and possible legal action taken by those affected by the breach are used to instil fear and anxiety into business owners. This is known as a “double exploit” and is now the standard approach favoured by cybercriminals.
In 2021 and beyond, a business will fall victim to a ransomware attack every 11 seconds, and ransomware damage costs will rise to $20 billion – 57 times more than in 2015.
It has never been more important to be vigilant against cybercrime, if the levels of reported cases continue to rise at the current rate and steadily grow as we approach 2022 it is vital to take action now!
Protecting your business, staff and clients does not have to be expensive, by contacting an I.T. Consultant you can make the most out of your budget.
Only with the right guidance and expertise on hand can your business greatly reduce the risk of a security breach which results in a much larger cost in the long term.