Thanks to the ever-evolving nature of our industry, it can be incredibly difficult to stay on top of the latest cyber security trends and avoid falling victim to an attack. The last 12 months in particular carried a great deal of change for the world of cyber security and the pace of change isn’t set to slow anytime soon. We are likely to see an uptick in cybercrime as malicious actors come up with new ways to attack businesses both large and small. To help our fellow cyber security professionals with their strategies for the year ahead, we’ve highlighted some of the key threats we believe you should be keeping an eye on over the next 12 months…
The number of phishing attacks is growing, and the methods that criminals use are becoming increasingly sophisticated. Thanks to the accessibility of artificial intelligence, these attacks are also becoming easier to launch on a much wider scale, making phishing scams more accessible to even the least educated cyber criminal. Last year, the cyber security company SlashNext revealed they’d been tracking phishing attacks for six months and had found more than 255 million attacks - a 61% increase when compared to the same six months in 2021. What’s more, phishing attacks no longer solely rely on targeting emails - they’ve also been carried out over SMS messages, WhatsApp, and even platforms like Slack and Microsoft Teams. A report by Acronis found that phishing attacks accounted for 76% of all cyber attacks in 2022 - and they estimated that the average cost of a data breach could reach $5 million (£4.1 million) this year.
At Infosec K2K, we can work with you and your business and help you to adopt cyber security best practices that can actively prevent phishing attacks. We take a proactive approach, and offer cyber consultancy services to our customers. From policy development and incident response, all the way to the creating and implementing a tailored cyber security management framework, our team of consultants can help you either remotely or face-to-face. They’re trained to meet the varying needs of our global customers, so no matter what industry you’re in, or the size of your business, we’ll do everything we can to keep you and your organisation secure.
Despite the decline in malware attacks we saw back in 2020, this classic method of cyber attack is on the rise once again. The cyber security company Acronis expects global ransomware damages to exceed $30 billion this year (that’s around £24.9 billion). This rise in popularity is largely down to the success of the MaaS industry, which makes it easier than ever for malicious actors to get their hands on these kinds of tools. Leasing out MaaS has become a lucrative source of income for many cybercrime organisations, allowing practically anyone to launch a malware-based attack. In fact, it was revealed by the Atlas VPN research team that some of the most damaging ransomware tools can be bought on the dark web for as little as $66 (£54). Plus, with AI tools becoming more and more popular, ransomware attacks can now be entirely automated, taking out all of the legwork and making MaaS far more attractive to anyone looking to make a quick buck.
With our managed cyber security services, we can keep your network safe from even the most sophisticated malware-based threats. The experts at our Security Operations Centre (SOC) can monitor your network 24/7, and identify and eliminate any threats before they can do any damage. Running and managing a SOC alongside your business can be challenging, but by outsourcing your managed cyber security services to us, we can save you time and money - and ensure no cyber threat goes unnoticed by alerting you of any incidents.
Business email compromise (BEC) attacks are on the rise - and they are expensive. These attacks alone resulted in over $43 billion (£35 billion) in losses between June 2016 and December 2021. They’re targeting businesses of all sizes, too - one of the biggest BEC scams targeted Facebook and Google between 2013 and 2015, in which they lost over $121 million (£98 million). BEC attacks target companies by using fake domains or impersonating trusted email addresses, and while in the past these scams typically targeted high-level executives, they’re increasingly being sent to mid-level employees instead.
One of the best ways to avoid these kinds of attacks is by always checking the email address if an email seems suspicious. Criminals will do everything they can to make their email seem as legitimate as possible, such as using a ‘1’ or a lowercase ‘L’ in an email instead of an ‘I’. By enabling multi-factor Authentication (MFA), you can also ensure criminals can’t access your email. With our Identity and Access Management services, we can give you the tools and technologies you need to control access to your network, and track users’ activity. Once each user has a digital identity, we can make it easier for you and your IT team to change their role, grant or deny them access privileges, and enforce new security policies, giving you complete control of your network.
As one of the very few attacks that can be carried out entirely undetected right up until the damage is done, the number of zero-day attacks has risen in recent years. Last year it was revealed that 40% of the zero-day attacks from the last decade had taken place in 2021 alone. The most frequently targeted companies are Microsoft, Google, and Apple, but that doesn’t mean that the rest of us are safe. One of the most famous - and most damaging - examples of a zero-day attack is the Stuxnet worm, which has since been dubbed ‘the world’s first digital weapon.’ First uncovered in 2010, this attack was designed to target a vulnerability in Windows computers. It was so impactful that it completely disabled Iran’s nuclear program, infecting roughly 200,000 computers around the world. In many recent cases, threat actors have auctioned discovered vulnerabilities, selling some of them for millions of dollars.
At Infosec K2K, we can help you to stay one step ahead of zero-day threats by monitoring your network for any potential vulnerabilities. We’ll help you to identify any weaknesses or areas of concern before they become an issue, and with our Penetration Testing, we’ll ensure your system is watertight. We’ll also conduct an internal assessment of your network and identify any weaknesses that a cyber attack could potentially breach. As well as identifying any cyber security issues, our team will recommend how to address them, so that your network isn’t left exposed in the future.
With the cyber security landscape constantly shifting, it can be hard to keep up, but we can help you stay cyber-safe and bolster your cyber defences.
Whether you’re looking for help assessing your organisation’s vulnerabilities, or the development and implementation of a full-blown cyber security strategy (with all the ongoing support you need to keep it going), we’ve got it all.
Get in touch with us to find out more or get started.