The year has brought out all kinds of cyber criminals — from opportunistic COVID-10 phishers to amateur student hackers taking down educational systems to prevent access to online classes. As the cyber security threat landscape continues to change, so must we.
This post will identify current and significant threats to help you to prepare for whatever changes come next.
2020 Cyber Threats not to be ignored
1. Virus Themed Phishing Attacks
As the coronavirus quickly spread so did cyber criminals. A survey conducted by KnowToBe revealed that phishing email attacks, related to COVID-19, increased by 600% in the first quarter of the year.
Attackers preyed on victim’s emotion and fears with Pandemic themed phishing scams. Anxious users starving for more information on the virus were targeted with tabloid headline related content in message headers and links to click to learn more or to view maps of the spread of the virus.
How to prepare: Do not fall for their next scheme hatched from whatever global event we face next. Educate staff on how to identify malicious emails and ensure they are aware of the reporting process if they do accidentally click. Deploy simulated Phishing attacks on staff to test their alertness and to identify if the training was effective or if more is needed.
2. Ransomware on the Rampart
Another threat to increase was ransomware attacks hidden in COVID-19-themed messages, attachments and documents. In previous years, ransomware attackers would restrict the organisation’s access to their data and ask for a ransom. This year they are additionally threatening to release data on a widescale to leverage a larger pay-out from the victim.
Attackers are also spending more time gathering intelligence about their victims, knowing exactly what to encrypt to achieve maximum disruption and demand higher ransoms. An example of this in 2020 was within the educational sector. Attackers quickly identified that due to the Pandemic, many institutions were forced to rely more heavily on online systems to deliver their courses — making them a prime target.
If you think your organisation would never be targeted, you should think again. The education sector became a prime target this year compared to other industries. Attackers are seeking out victims who have weaknesses in systems and a high dependency on their online systems.
How to prepare: There are several ways to combat ransomware for your organisation. A few to mention are patching and updating your operating systems, regularly running back-ups, restricting bring-your-own-devices that do not meet security policy and implementing zero-trust network access. Don’t forget to secure the weakest link in your security system – people who use your devices and applications. Information security awareness training is essential to secure email gateways.
3. Expanded Working From Home Network Vulnerabilities
Many organisations are now supporting a majority of staff working from home (WFH). For attackers, this has opened up opportunities to break into unprotected home networks, consumer devices, VPN connections and video meeting communication platforms. Consumer-grade routers and Internet of Things (IoT) devices are also prime targets.
How to prepare: As attackers continue to take advantage of “The New Normal” it’s of the utmost importance for organisations to secure their expanded WFH network perimeters. Staff WFH should update their router’s firmware and change the default password to one more secure. VPN connections are recommended for security. You should update policy and processes to include home security. And lastly, as always educate your staff on cyber security.
Stay Ahead of Upcoming Attacks
To combat what attacks cyber criminals will hit us with next, we must learn from the past attacks to prepare for the future. Defining your risk posture, managing data and responding to ever-changing attacks will always be obstacles to creating an effective cyber risk governance strategy.
Where to Begin
A good place to start to get ahead of attacks is to know your organisation’s current cyber security and risk posture. We have created an IT Security and Cyber Risk scorecard so you can quickly get a snap-shot of your organisation’s overall Information Security and Risk Profile.
If you need further assistance with your cyber security programme, please feel free to contact our partner, Risk Crew, for any questions. They are happy to chat about your current posture and how it can be improved.
And you can get more information about cyber-liability insurance here or contact Clear's cyber-insurance specialist Stewart Ruffles on 020 7280 3479.