The number of cyber attacks reported between 2021 and 2022, after the onset of the COVID-19 pandemic, is significantly higher than in previous years. The business landscape has evolved in response to lockdowns and disruptions caused by the pandemic, leading to an increase in remote and hybrid working.
Although this has yielded many positive results for employees and businesses, it’s also led to compromised security through factors such as reduced endpoint security.
According to a recent survey from Insights for Professionals, businesses report that laptops, tablets and mobile devices are their most vulnerable endpoints - the very devices we rely on to work.
But with so many types of attack, and criminals constantly evolving their tactics, what sort of threats should businesses be looking out for, and how should they go about defending themselves?
Here are ten of the most common issues, and what to do about them.
1. Malware (including fileless malware)
Perhaps the most basic and familiar threat to many users, malware covers a wide range of unwanted programs that can cause any number of issues for a business, from destroying data to sapping resources by turning machines into botnets or cryptocurrency miners.
In 2021, over five billion malware attacks were logged by SonicWall, with the overall number of attacks rising by a whopping 232% since 2019. In fact, 64% of IT leaders cited malware as the biggest security challenge they’re facing this year.
There are a few key categories, such as viruses, which seek to replicate and spread as widely as possible, Trojans, which gain entry to networks by disguising themselves as legitimate applications, and spyware, which looks to monitor an employee's usage to gather sensitive data.
But it’s important to be aware of other types of threat, such as fileless malware, which infects devices through legitimate software and leaves no footprint. Unlike regular malware, fileless malware can be installed on a system without needing an attacker to install it, which makes it notoriously difficult to detect.
Protecting against malware
Defending against this multitude of threats is no easy task, which is why having strong antimalware tools is paramount. There are hundreds of tools out there claiming to offer protection, but organizations need to ensure the solutions they choose can detect even previously unknown malware by spotting its key characteristics - for example, a program that tries to hide once installed. It's also essential that these tools are kept up to date and are able to scan every potential entry point to a network, from emails to USB flash drives.
2. Cloud security
The majority of businesses, both small and large, work in the cloud. From reduced IT costs to improved scalability and easier collaboration - there are plenty of reasons most modern organizations rely on cloud computing. However, it’s not without its own set of challenges.
Cloud security is one of the main cybersecurity threats businesses are facing this year, with 57% agreeing that it’s the most significant threat after malware. Some of the main concerns businesses must be aware of when it comes to cloud security include account hijacking, misconfigurations, external data sharing, data loss/leakage, unauthorized access and insecure interfaces/APIs. For more insights, access the State of Cloud Security report here.
Protecting against cloud threats
Implementing robust cloud security practices can help protect against the various threats and vulnerabilities to ensure your infrastructure and data are secure. From securing user endpoints to implementing encryption and highlighting the importance of good password hygiene, getting cloud security right requires attention to detail. It’s also important to ensure you choose the right cloud provider from the get-go, which will take some of the weight off your shoulders when it comes to ensuring your company’s and customers’ safety in the cloud.
3. Phishing
One of the most common types of social engineering threat, phishing typically involves sending emails that purport to be from a recognized and trusted source, usually with a fake link that invites the recipient to enter personal details into an online form. Some 51% of IT professionals agree that phishing and other social engineering attacks are the biggest challenges they face this year.
These are often designed as ways to get access to financial data or username and password combinations, but they can do more than that - especially with the more targeted 'spear phishing' variety, which will be tailored precisely to an individual recipient.
For example, in April 2021, security researchers discovered a Microsoft 365 phishing scam that steals user credentials. This Business Email Compromise (BEC) attack works by sending emails with disguised .html files attached. Once the user opens this file, they’re directed to a website that contains malicious code and told that they’ve been logged out of Microsoft 365 and invited to log in again. Once they do this, the user’s credentials are sent to the fraudsters in charge of the scam.
Protecting against phishing
Effective email security tools can help reduce the likelihood of such emails getting through, but they're not 100% effective. Therefore, user education is the best way to tackle this threat. By training people to be wary and spot the telltale signs of a phishing attempt, firms can ensure their employees are not handing over valuable data to anyone that asks for it.
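Email filtering can triage the kind of disguised .html attachment described in the Microsoft 365 example before a user ever opens it. The following is an added example, not part of the original article: it inspects HTML attachments for a password field, a form that posts to a remote host, or an automatic redirect. The sample message, host name and signal names are constructed for illustration.

```python
from email.message import EmailMessage
from html.parser import HTMLParser

# Constructed sample attachment body; the host is a placeholder, not a real indicator.
SAMPLE_HTML = """<html><head>
<meta http-equiv="refresh" content="5; url=https://login.example.invalid/">
</head><body><p>Your session has expired. Please sign in again.</p>
<form action="https://login.example.invalid/post" method="post">
<input type="email" name="user"><input type="password" name="pass">
</form></body></html>"""

class SignalParser(HTMLParser):
    """Collects markup features that are unusual in a legitimate attachment."""
    def __init__(self):
        super().__init__()
        self.found = set()

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "").lower() for k, v in attrs}
        if tag == "input" and a.get("type") == "password":
            self.found.add("password-field")
        if tag == "form" and a.get("action", "").startswith(("http:", "https:", "//")):
            self.found.add("remote-form-action")
        if tag == "meta" and a.get("http-equiv") == "refresh":
            self.found.add("meta-refresh")

def triage_html_attachments(msg):
    """Return {filename: sorted signals} for each HTML attachment in msg."""
    report = {}
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        is_html = part.get_content_type() == "text/html"
        if not (is_html or name.lower().endswith((".html", ".htm"))):
            continue
        body = part.get_content()
        if isinstance(body, bytes):  # .html file sent as a generic binary type
            body = body.decode("utf-8", "replace")
        parser = SignalParser()
        parser.feed(body)
        report[name] = sorted(parser.found)
    return report

def build_sample_message():
    """Constructed message: one HTML attachment and one harmless text file."""
    msg = EmailMessage()
    msg["Subject"] = "Action required"
    msg.set_content("Please see the attached document.")
    msg.add_attachment(SAMPLE_HTML, subtype="html", filename="document.html")
    msg.add_attachment("meeting notes", filename="notes.txt")
    return msg
```

A message whose attachment reports any of these signals is a candidate for quarantine or a warning banner rather than automatic delivery.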
4. Ransomware
A specific type of malware, ransomware works by encrypting key files on a machine or network, then demanding a payment - usually in the form of Bitcoin or another cryptocurrency - to make them accessible again. This is a relatively simple form of attack, but it has the power to be hugely disruptive, as was seen with the 2022 Swissport incident. A significant 42% of companies report ransomware as the biggest cybersecurity challenge they face this year.
Depending on the particular type of ransomware used, an attack may encrypt certain file types, making it impossible to access critical business information, or block vital system files, which prevents a computer from booting up altogether.
Protecting against ransomware
To defend against ransomware, prevention is certainly better than a cure. Indeed, once files are encrypted, there’s often nothing firms can do to get them back without paying a ransom, or waiting and hoping a key is released publicly. Therefore, as well as normal antimalware procedures, an essential defense is to ensure all key files are safely backed up away from the primary network.
Machine learning can also be leveraged by IT professionals to protect against ransomware attacks. This technology has the power to infer and predict attacks, and allows constant monitoring for malicious activity, so that malware can be detected and prevented from spreading through the file system.
5. Data loss
Data is frequently described as the new oil, and for many hackers, the ultimate aim of their efforts will be to steal it in order to sell it on the dark web for use in identity fraud, blackmail or as part of corporate espionage.
With data the lifeblood of all business operations today, it’s no wonder that 26% of companies consider data loss to be the biggest cybersecurity threat they’re facing this year. Whether it's social engineering or hacking into a database using known vulnerabilities, getting data out of an organization is often the final step of any attack.
Protecting against data loss
It may be the case that hackers can sit inside a network for months looking for the most valuable information and waiting for the right time to act, so even if a firm's perimeter has been breached, there are still measures businesses can take to protect themselves from the most serious consequences - but to do this, they'll need good data loss prevention tools.
This usually refers to a series of measures designed to look for suspicious activities and block the access and exfiltration of data by unauthorized users. It may monitor endpoints and send out alerts if data is copied or transferred outside of normal, approved processes.
6. Password attacks
Password attacks refer to the different methods used by hackers to maliciously authenticate, enter and steal data from password protected accounts. We all know about the importance of choosing a secure password, but more is required to prevent cybercriminals cracking them. Typically, these attacks are carried out by exploiting vulnerabilities in the system and using software to speed up the password-cracking process.
The most common types of password security attacks include:
- Brute forcing
- Dictionary attacks
- Password spraying
One recent example of a password breach was a supply chain attack that involved software from SolarWinds. The attack compromised U.S. government agencies as hackers exploited an unnoticed vulnerability in their cybersecurity provider’s network monitoring software. This allowed them to infiltrate companies reliant on SolarWinds software and access their confidential email communications.
Protecting against password attacks
Beyond educating employees on the importance of using strong passwords to prevent putting your company at risk, there are several other best practices to be aware of to ensure you’re protected against password attacks. These include using multi-factor authentication (MFA) that requires users to provide more than a single piece of information to gain access, as well as running regular penetration tests (pen tests) to assess the security of your system.
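The attack types listed above leave different patterns in failed-login records, which monitoring can use alongside MFA. The following is an added example, not part of the original article: it labels each source address as brute-force/dictionary (many failures against one account) or password spraying (few failures each against many accounts) within a time window. The events are constructed, and the window and thresholds are assumptions to tune against your own baseline.

```python
from collections import defaultdict

# Constructed events: (unix_time, source_ip, username, success). Not real log data.
SAMPLE_EVENTS = (
    [(i, "203.0.113.5", "alice", False) for i in range(12)]        # 12 tries, one account
    + [(1000 + i, "198.51.100.7", f"user{i}", False) for i in range(15)]  # 15 accounts
    + [(2000, "192.0.2.10", "bob", False), (2005, "192.0.2.10", "bob", True)]  # typo
    + [(i * 3600, "192.0.2.44", "carol", False) for i in range(12)]  # spread over 12 hours
)

SEVERITY = {"normal": 0, "password-spraying": 1, "brute-force/dictionary": 2}

def classify_sources(events, window=300, per_account_limit=10, spray_accounts=10):
    """Label each source IP by its failed-login pattern inside fixed time windows."""
    # (ip, window index) -> username -> number of failed attempts
    failures = defaultdict(lambda: defaultdict(int))
    for ts, ip, user, success in events:
        if not success:
            failures[(ip, ts // window)][user] += 1

    verdicts = {}
    for (ip, _bucket), per_user in failures.items():
        if max(per_user.values()) >= per_account_limit:
            # Brute forcing and dictionary attacks both hammer a single account
            label = "brute-force/dictionary"
        elif len(per_user) >= spray_accounts:
            # Spraying stays below per-account lockout but touches many accounts
            label = "password-spraying"
        else:
            label = "normal"
        # Keep the most severe label seen for this source across all windows
        if SEVERITY[label] >= SEVERITY[verdicts.get(ip, "normal")]:
            verdicts[ip] = label
    return verdicts
```

Per-account lockout alone only catches the first pattern; counting distinct accounts per source is what surfaces spraying.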
7. Insider threats
It's often said that the biggest weakness in any security system is the part sitting behind the keyboard. While many of the above threats can be assisted by careless employees who don't follow basic security guidelines, you should also be taking steps to ensure your employees can't harm the business deliberately, as well as accidentally. Although it’s not the top cybersecurity concern, 17% of companies still consider protecting against insider threats a significant challenge this year. Malicious insiders who are looking to extract data or damage systems are a threat that any business may face, and it can be tough to predict, so it pays to take precautions.
Ensuring all employees have the right level of access is the first step. Restricting users to only the applications and data they need to do their job can be a great help - but of course, it will not stop privileged users and those who have a legitimate need to access sensitive information. It’s also important to hold security training sessions to make sure your staff are aware of insider threats and the risk they pose.
Therefore, this needs to be backed up with effective monitoring that can quickly identify any unusual or suspicious activity and shut it down, or challenge users to confirm they have a genuine reason for their actions.
8. DDoS attacks
Distributed Denial of Service (DDoS) attacks involve an attacker flooding a system - often a web server - with traffic requests until it simply can’t cope with the volume of requests it’s being asked to deliver, with the result being that it slows to a crawl and is effectively taken offline. This is a particularly tricky form of attack to deal with as it takes little skill to pull off and doesn’t require attackers to actually breach a firm's perimeter, which is likely what renders it the biggest cybersecurity challenge for 10% of companies. Indeed, botnets that provide the resources needed to launch a DDoS attack can be bought on the dark web for just a few dollars.
Until recently, DDoS attackers were regarded as more of a nuisance than a serious threat to firms. They might take a website offline for a few hours, which would certainly have an impact on revenue for digital-focused firms, but that was about the limit of their impact. Now, however, the landscape is different. Sustained botnet attacks are bigger than ever before and can last for days or weeks rather than hours, and they're also increasingly used as a cover for other attacks, such as data exfiltration, rather than being an end in themselves.
Protecting against DDoS attacks
Therefore, preventative and remedial measures must be taken. While companies can take several steps themselves, such as bandwidth buffering, having a DDoS mitigation service can be the most effective defense.
In 2021 the largest DDoS attack ever was recorded when Microsoft mitigated an attack involving an Azure customer with a throughput of 3.45 Tbps and a packet rate of 340 million PPS. Once detected, it’s vital to trace the source of the attack to ensure you won’t simply fall victim to it a second time. You can do this by working with cybersecurity professionals and law enforcement experts to ensure your business is protected in the future.
9. Network vulnerabilities
Enterprise networks are getting ever-more complex, and that means the number of potential vulnerabilities within them is on the rise. Issues such as zero-day attacks, SQL injections and advanced persistent threats all seek to take advantage of weaknesses in code that can allow hackers to gain access to a network in order to plant malware, exfiltrate data or damage systems.
One of the main ways hackers do this is by taking advantage of outdated and unpatched software, so ensuring all systems are up-to-date is vital in guarding against many of these attacks. Yet it's something that many businesses still fail to do, with one in three data breaches originating from vulnerabilities left by unpatched software.
Protecting against network vulnerabilities
To defend against vulnerabilities, a good patch management plan is essential, especially as network sprawl continues to be an issue. This can be challenging, but many of the tasks involved in this can now be automated with the help of modern patch management tools and applications.
10. Formjacking
Formjacking is among the most recent types of cyber security threat. It occurs when hackers inject malicious code into a web page form to collect sensitive data. These attacks most often occur on payment page forms, so that when a user inputs their payment information the attacker can collect the card number, address, customer name and phone number. This is part of a group of cyberattacks known as supply chain attacks.
Protecting against formjacking
To ensure your customer data is secure, make sure that you’ve implemented robust antivirus software and use MFA to protect accounts. This will make it more challenging for hackers to infiltrate your web pages.
What security solutions are IT professionals prioritizing?
There are numerous steps businesses must take to ensure their IT security is up to scratch and effectively protecting various aspects of their digital infrastructure. Today, IT professionals are taking a holistic approach to cybersecurity, ensuring that their companies are protected at every level to identify and mitigate threats before they arise. There are various types of cybersecurity tools, and it can be challenging to understand which ones to prioritize.
For instance, essential cybersecurity software includes:
- Network security monitoring solutions: Built to detect and analyze potentially malicious activity within your network
- Encryption tools: Encrypt data and files to keep sensitive information secure
- Antivirus software: Prevents, detects and deletes malware from your devices
- Firewall software: Monitors and filters traffic to and from your network
- Penetration testing tools: Used to assess the security of your network and highlight any vulnerabilities
- Web vulnerability scanning tools: Automated tools designed to scan and detect security threats within website applications
These are just some of the essentials of an IT professional’s toolkit, and it’s important to ensure all of your bases are covered to protect against the various types of threats.