In recent years, ransomware attacks have been on the increase. The hackers infiltrate the systems and encrypt the data they find. Then they request ransom from the organisation in order to decrypt it.
In March 2020, ExecuPharm was attacked with ransomware, and the hackers threatened to publish their data on the dark web if the ransom wasn’t paid. They were true to their threat and published emails, financial records and database backups.
A report produced by Cyberedge Group in 2020 shows that as many as 58% of victims actually pay the ransom but only 67% report retrieving their data.
By having anti-ransomware software installed and kept up to date can prevent your organisation from ever being in a situation where you have to decide whether to pay up or take the risk.
Machine learning capabilities
Many of the security breaches which affect businesses are down to human error rather than a breakdown in systems.
Therefore, machine learning capabilities (ML) are being utilised more to try to counter the human factor. ML can scan huge amounts of data and identify potential and actual threats before they happen, meaning they can be dealt with in real-time.
Security tools/ protocols
The tools used to fight ever-developing cybercrime and cyberattacks have to constantly adapt too.
Prevention of hackers and cyberattacks is far preferable to firefighting when it happens and therefore systems testing is important in the fight against cyber crime.
Penetration testing tools are constantly evolving and will help to identify the weaknesses in your digital security before the hackers do. Other tools such as password auditing and packet sniffers will scan your network protocols searching for vulnerabilities as well as testing password strength.
Encryption tools are an essential weapon in cybersecurity, as it ensures anything being sent over a network is encrypted and can only be decrypted by the recipient adding another layer of defence against unauthorised access.
Artificial Intelligence (AI)
Artificial Intelligence (AI) is being used by both cybercriminals and cyber defence with both teams having the same resources but using them differently.
AI is used in cyber security to identify new threats and the effectiveness of the responses to them and can therefore block attacks before they happen.
AI is used to spot patterns of behaviour and therefore identify when something seems ‘off’ and recognises it as a possible attack. However, it is also being used by hackers in order to make it easier to get past the security systems in place. It is thought that AI will be increasingly used as a means of gaining personal details (i.e. credit card details) and spam phishing emails.
A modern smart home is a wonderful place, which is convenient, simple and everything is available and accessible at the touch of a button or a voice command. However, the Internet of Things (IoT) devices are as vulnerable to viruses and hackers as your business computer.
Such devices hold a great deal of personal information such as credit card details, addresses, and dates of birth which can be used in ransom attacks, malicious targeted attacks, identity theft or even home break-ins. If your smart home has remote access to door and window locks, for example, you want to ensure the security protecting that capability is robust.
Smart speakers can also provide hackers with a great deal of information as should they be able to bypass security they can issue their own commands, access earlier recordings, or even ‘listen’ to you in your home.
Treating your smart devices with the same care as you would your PC can protect you from these threats.
There is a lot of discussion surrounding 5G and its capabilities and how this will increase the use of IoT devices. Whilst this is great news for the general populace in terms of time-saving devices and convenience it is a double-edged sword as the IoT devices increase the network vulnerability making them susceptible to attacks.
Extra security will need to be put in place to ensure data being presented is protected.
Many people are aware of phishing emails and how they try to con people into providing personal details through links to copies of genuine login pages. However, such campaigns are no longer limited to emails and have migrated to mobile phones, SMS, MMS, messaging services, and social media.
They use the same tactics, but people are more likely to trust something that has come through to their mobile rather than their email provider. Therefore, the same rules apply; don’t click on links sent over SMS and check they haven’t used URL Padding to obscure the malicious web address. When in doubt go to websites the way you would usually access them (e.g. mobile banking app).
Multi-factor authentication is becoming more common in 2020 for all logins, which requires registered users to use a password plus a pin code, fingerprint or eye-dent to access the data.
Deep fake technology
Deep fake technology is very difficult to spot and essentially refers to a technology which can make the public believe something is real when it isn’t – for example manipulated videos which appear and sound real.
These are simple to produce with a computer and the internet, meaning it is widespread across the globe. Deep fake technology is a form of artificial intelligence; in particular a set of algorithms which can learn and make decisions.
This technology is particularly dangerous for the spread of misinformation which could have many different uses.
Social media risks
Social media is an increasing player in the cybersecurity game with businesses and individuals taking advantage of the platforms to promote their businesses, keep up with friends and family, and consume news.
The primary risk (and the primary goal) of social media is personal data. A great deal of personal data can be obtained through a social media account including name, job title, location and email address; all enough to set up fake accounts. These can then target your connections with ransomware or viruses which appear to have come from you meaning more people will trust them.
Brand impersonation is also a big problem on social media which can cost your organisation dearly in reputation and financial terms if this impersonator is taking money from your clients for goods/services they will never receive.
There are security measures built into the social media platforms, but they are not at their securest as a default – it is necessary to go into settings and ‘lock the account down’. Additionally, don’t use social media accounts on unsecured networks and be a little picky about what you click on and who you connect with.
When it comes to cyber security solutions you can never do too much. Cyber criminals are always striving to overcome the measures in place and therefore the security required is constantly changing to keep up. If you would like to speak to a member of the CIS team about reducing your cyber security risks contact us today.