You’ve probably heard it all before. That the threat landscape is constantly changing, and cyber criminals are creative little critters engaged in a constant arms race with the good guys (that’s us!), to gain unauthorised access to systems and applications for financial gain. But here’s the thing. It’s true!
It’s all too easy to believe that if you haven’t suffered a breach yet, the chances are you won’t in the future. But the recent changes to working practices – such as the surge in home and remote working – and the rise of new technologies such as Cloud computing, mean that the attack surface has expanded way beyond the perimeter of your own network. All too often organisations adopt a new technology or practice with the best of intentions, but without taking the cyber security implications into account. They then find themselves open to an attack, and on the back foot when it inevitably occurs.
Below we’ve rounded up the top five threats your organisation needs to be aware of right now, regardless of size or industry. By adopting a comprehensive and transparent cyber security posture, and educating users about their role in protecting data and technology assets, your organisation can significantly decrease its cyber security risk.
Cloud security threats
Arguably the biggest current threat is to the security of cloud-based apps, e.g. Office 365. In recent times we’ve seen organisations rely more heavily on cloud applications and storage, but the more an organisation relies on the cloud, the more the risk grows. This is not because cloud applications are inherently unsafe, but because traditional IT security is geared around securing the local network and infrastructure.
As soon as you start sending assets up into the cloud, it widens the threat landscape. Typically, organisations rely on the security measures of the cloud service provider; however, this can be compared to relying on a Windows firewall to protect your machine. Many advantages come with using the cloud, so it is easy to see why it has become the new norm. However, with increased use, cloud services become much more attractive to hackers, and it is therefore imperative that your company implements a holistic cyber security strategy which includes measures to protect your cloud-based assets.
Artificial intelligence (AI) or machine learning has made its way into the majority of industries. Seen as a way to streamline some processes, this new technology also brings its own potential flaws. For instance, when AI is introduced for the first time there is a period during which it needs to learn the new model or system. During this time, it is prone to poisoning attacks by cybercriminals who inject “bad data” into the AI system in order to trick it in the future – for example, poisoning attacks can be used on AI systems to get around spam detectors.
Cybersecurity is an industry that is using AI to fight cybercrime, but in the same way it is being used to protect businesses, hackers are also using AI to launch cyber-attacks. The threat of AI is two-fold; it can be exploited during the learning phase, and it is being used to mimic human behaviour and launch attacks to trick users into giving up their personal information.
As organisations increase users’ awareness of phishing attacks and techniques, hackers think up new and more sophisticated ways of duping them into clicking on malicious links and attachments.
Phishing is a low-cost, high-reward strategy used by hackers and cyber criminals to gain access to user credentials. If they manage to harvest personal data, they can use this to purchase items online, withdraw money, or apply for credit cards and loans. Another option is to extract and sell the personal data to other malicious actors.
Once in, hackers most commonly use ransomware to blackmail businesses for large amounts of money. The first step is to freeze a company’s systems, and once frozen the hacker will demand a financial sum in exchange for the systems to be released. More often than not organisations will pay up – the amount demanded by the hacker is often much less than the cost of not being able to trade while systems are frozen.
Over the past few months, with the increased use of cloud computing and remote working, credential harvesting has been commonplace. Once an attacker is able to gain access to an individual’s company email, they can leverage this to launch further attacks out to that company’s customers and suppliers, for example by sending technically legitimate emails from the infected company mail platform, containing malicious payloads such as URLs or attachments designed to solicit further credentials from those customers and suppliers. To the receiver, the email has been sent from a known person at a known customer or supplier, and because the attacker can read all previous correspondence between the parties, the tone and content of the email can be consistent with that of previous emails – further removing suspicion. The propensity for a customer or supplier to click, download or transfer funds is quite high in this scenario, and without the right tools in place, such an attack is very difficult to detect.
Another, often underestimated, impact of an attack is the repercussions to brand and reputation, not least if your customers are breached as a result of a successful attack on your systems. Moreover, once it becomes known that personal data has been compromised (and in most cases the ICO will need to be informed), trust in the brand is eroded, meaning a loss of custom and downturn in profits. The ICO or the relevant governing body may also issue a significant fine if your organisation didn’t have the necessary measures in place to stop the hacker from gaining entry, and does not have a suitably robust remediation plan in place.
Often hackers will use current affairs and actions as a means of obtaining personal data. The Covid-19 pandemic has seen a rise in phishing attempts, whereby hackers send phishing emails disguised as emails from the government warning of encounters with positive Covid-19 patients, or cheap Personal Protective Equipment offers, each requiring the user to click a link and submit details, which the hacker then uses to gain entry.
Never click on suspicious links, especially those that are accompanied by a time-pressured or fear-mongering message.
Times are tough for most businesses at the moment, and difficult decisions have had to be made. Furloughed employees may be unhappy with the decision, and could be worried about future job security. Therefore, it is important to ensure that access is restricted or entirely revoked during furlough to reduce the risk of internal attack.
Our employees can be our greatest assets, but they also constitute a sizeable risk. Restricting access, protecting endpoint devices and using technology which can detect anomalies in user behaviour are all important – as is having a proven plan in place to respond to a breach should it occur.
5G is the newest technology to hit the market, and many people frustrated with their current service may look to benefit from it. However, this new technology contains some already known vulnerabilities. Flaws within the new network include tracking a user’s location in real time, false emergency alerts, and discreetly disconnecting phones from the 5G network altogether. These weaknesses already existed within the 4G network, yet do not appear to have been addressed for the release of 5G. It is therefore critical to regularly update 5G devices with the latest patches. Hackers will be looking to exploit early vulnerabilities.
Putting in place measures to defend against the latest threats will go a long way to preventing your organisation from becoming the latest victim of a cyber security and/or personal data breach. However, no cyber defence is 100% foolproof, which is why it is also important to have a CSIRT (Cyber Security Incident Response Team) in place and ready to respond should a breach occur. Whether you choose to assemble this team internally, or use an experienced external specialist, this team should lead the effort to contain and remediate the breach – allowing you to get back to business as soon as possible.