The Top Cyber Security Threats Of 2021 & Tips On How To Defend Against Them
The Top Cybersecurity Threats for Businesses in 2021
Phishing is a hacking scheme that, in its most common form, appears to be a regular email from a legitimate source, using legitimate-looking links, attachments, business names, and logos. The email aims to persuade the recipient to perform an action, usually clicking a link or downloading an attachment.
Some email-based variations include “whale phishing” that are more targeted and primarily directed at company executives, and “spear phishing” that are targeted against a specific person.
Phishing attacks can also take non-email forms. “Smishing”, for instance, uses SMS messages to garner clicks to dangerous links, while “vishing” uses fraudulent phone calls and voice messages that pose as legitimate companies to the same end.
A more recent form of Phishing attack is “search engine phishing”, where hackers create fake online websites and rank on search engine results to steal user’s information.
In a recent study 86% of organisations reported having at least one user connect to a phishing site.
Malware, also known as malicious software, hacks devices by either slowing them down significantly or stopping them from working entirely. It destroys computer systems through software agents such as trojan malware, spyware, viruses, ransomware, adware, and worms.
Malware can be released into a computer by clicking an infected link, downloading a file or material from an unknown source, clicking a pop-up ad, or downloading an email attachment from an unknown sender.
Once malware is released into a computer system, hackers can gain access to your company’s network where they will usually target passwords, credit card numbers, banking data, personnel files, and other potentially valuable information.
Worryingly, over the last year, 35% of the malware attacks reported by businesses in the UK used previously unseen malware or methods of infection.
Ransomware is a specific form of malware that encrypts a user’s computer systems. Once a ransomware attack has been implemented, users can no longer access their systems or files. For users to re-access their systems, they’re required to pay a ransom fee to the cybercriminals.
Ransom transactions are often made through crypto currencies, such as Bitcoin, though cybercriminals may also request other methods of payment, such as Amazon gift cards. The ransom costs can range tremendously, depending on the target. However, many organisations that make the ransom payments still don’t retrieve access to their systems, and even if they do, have no guarantees that the attackers haven’t left other exploits in place, to attack again later.
Ransomware is often spread through a malicious download, often starting with a phishing email and, as such, an attack can be targeted to either individual employees or entire organisations.
Throughout the pandemic, over a third of UK companies reported being targeted by a ransomware attack.
A data breach occurs when sensitive data is stolen from a system without authorization from the system owner. Confidential user information can include but isn’t limited to credit card numbers, social security numbers, names, home addresses, email addresses, usernames, and passwords.
Breaches may be implemented through point-of-sale (POS) systems or a network attack. A network attack is likely to occur when cybercriminals identify a weakness in a company’s online security system and use the weakness to invade the system. Social attacks are also prevalent, where hackers fool employees into granting access to an organisation’s network. For instance, they may be tricked into downloading a harmful attachment or accidentally giving out login credentials.
Once a data breach occurs, businesses must take immediate action to contain the breach and resolve the issue. Failing to do so may result in a tarnished reputation and regulatory fines.
5. Compromised passwords
Compromised passwords most often occur when a user enters their login credentials unknowingly on a fake website. Common username and password combinations also leave accounts more vulnerable to attacks. Password reuse across multiple platforms can make your systems even more susceptible to hackers, leaving multiple accounts at high risk.
When creating passwords for company accounts you should always ensure that you use unique, hard-to-guess passwords.
However, 51% of people surveyed recently said that they use the same passwords for both their work and personal accounts.
3 Tips to Combat Cybersecurity Threats
1. Acquire the skills
Many organisations, particularly small- and medium-sized businesses, may struggle with staffing the right team to ensure an organisation is protected from the latest cyber threats and able to combat an attack.
Hiring a qualified security engineer or IT security manager can be expensive, so many businesses choose to find a 3rd party cybersecurity provider instead, often combining the outsourcing of IT support and cyber security services to the same provider.
Two advantages of working with an outside organisation are that they can provide 24/7 monitoring for attacks that can occur at any time, and they are experts that stay up to date on the ever-evolving landscape of cyberattacks.
2. Educate your team
Some best cybersecurity practices may seem obvious to most, but it’s important to educate your entire team and ensure everyone is on the same page.
Talk to employees about the importance of strong passwords, how to safely use a shared network, what your internet use guidelines are, and how to handle and protect customer data.
Train your team to recognize phishing attacks by looking for URLs or email addresses that are close but not exact, identifying language with misspellings or that feels a bit “off,” and being extra-cautious of requests for passwords or other personal information.
Even savvy security teams can fall prey to a cyberattack. Giving employees things to look for can help catch an attack quickly.
Cyber Awareness Training services, such as KnowBe4, can be a cost-effective and non-disruptive method to train your staff, using a combination of simulated attacks and targeted training direct to the users.
3. Have a cybersecurity policy
Your cybersecurity policy should be a living document that is updated as attacks evolve. However, the basics of a policy should include guidelines on protecting devices (including up-to-date operating systems, browsers, firewalls, and encryption), multi-factor authentication (not just strong passwords, but secondary methods of authentication), and data protection (including how to handle customer data and what is appropriate to send via email).
Your policies should be readily available to your employees and reviewed frequently to ensure the entire organisation understands and abides by the proper protocol.
Having a cybersecurity plan is more important than ever. With the number of cyberattacks always increasing, and more and more companies now employing some element of remote workforce, it is paramount that all companies — regardless of size — understand current cyber threats and what to do to prevent and combat them.
Having a plan that is executed thoroughly and reviewed regularly is the best first step to keeping company and customer information safe. Whether you build up in-house expertise or find a trusted outside partner, cybersecurity can no longer be a project set on the back burner. Understanding the latest threats and what to do to prevent them from impacting your organisation is key to protecting your business.
Are you concerned about cybersecurity for your business?
If you would like to know more about IT managed services that can drastically reduce your cybersecurity risk, get in touch with us.