Cyberattacks are increasing as cybercriminals work hard to stay one step ahead of IT security departments and providers. Here are four major concerns and how to be better prepared for them:
1. Poor IT security practices
Despite the growing importance of cybersecurity in most companies, many still have lax security practices. This includes:
- Minimal password requirements
- Not using 2-factor authentication
- Failing to patch vulnerabilities promptly
- Using weak passwords
- Not encrypting sensitive data
These poor security practices give cybercriminals an easy way to gain access to systems and data.
How to be prepared
Organizations need to make sure that they’re doing everything possible to improve their cybersecurity posture. This includes implementing strong security measures, such as:
- Make sure all employees are aware of the importance of IT security
- Provide thorough, ongoing training on how to stay safe online
- Require 2-factor authentication and encryption
- Regularly testing their defense
2. Ransomware
Ransomware has been on the rise in recent years, and it’s only expected to become more prevalent.
This type of malware is typically used to encrypt a victim’s data and then demand a ransom be paid in order to decrypt it. Ransomware attacks can be extremely costly for businesses, with the average cost at almost $2 million per incident.
One of the biggest concerns with ransomware is that the attackers are becoming more sophisticated and are now targeting specific sectors, such as healthcare and critical infrastructure. This means that we can expect to see more targeted ransomware attacks in the future.
How to be Prepared
- Conduct thorough, timely back-ups
- Keep all systems up-to-date
- Develop and implement ransomware policies, including an incident response plan
- Provide thorough employee training on ransomware, including awareness & detection
3. Cloud Security Risks
Cloud-based services are often used to store sensitive data, such as customer information and financial records which represent huge security risks. If an attacker is able to gain access to this data, they could use it for malicious purposes. Another concern with cloud security is the fact that cloud-based services are often shared by multiple users. This means that if one user’s account is compromised, the attacker could gain access to the data of other users.
How to be Prepared
- Increase cloud storage authentication and identity requirements
- Tighten cloud access control
- Improve cloud encryption
- Provide secure cloud deletions
- Enhance cloud integrity checking
- Utilize data masking
4. “Malvertising”
The year ended and a new one started much the same way as every year with hackers trying new and old ways to accomplish their goals. One thing we saw particularly towards the end of the year is a new “Malvertising” cybercrime technique that uses Google Ads to target users who are trying to find and install legitimate software such as Grammarly, Malwarebytes, Slack, Zoom, and Java.
This technique uses typo–squatted domains that look authentic to the user. Most of the time, preventing users from getting to these sites is very difficult so that is where having a good response comes in.
How to be Prepared
- Implement Endpoint Detection and Response (EDR) or Managed Detection and Response (MDR)
- Use DNS filtering or Ad Blocking
Ready to learn more?
If you have questions or want to learn more about protecting your organization against cybersecurity threats, see our Cybersecurity Awareness Training Overview or get in touch with us!