5 lessons to be learned from 2020 security breaches
It is inevitable that the pandemic will leave businesses operating differently for the foreseeable future. One such adjustment will be the need for greater awareness of cyberthreats, something that affects businesses and organisations of all sizes.
According to it.pro.co.uk, there was a massive 20% rise in cyber security threats compared to 2019, with ransomware attacks alone surging by 80% in the UK in the third quarter of the year, meaning that cybercriminals are capitalising on the disruption caused by remote working.
1) Phishing and spam are more sophisticated than ever before
Anyone can be fooled by a scam, and phishing keeps evolving; the threat is being refined quickly. Watch out for ‘spear-phishing’ (where individual victims are researched first and then contacted directly); ‘vishing’ (voice phishing, where a voice message purporting to be from your bank or another service provider informs you that your account has been compromised); ‘smishing’ (the same as above, but done via SMS text messages); and ‘angler phishing’ (where the criminal uses social media feeds to discover companies with a poor customer service experience and then poses as a member of the support team in a direct message to targets).
2) Simulating an attack can expose vulnerabilities before it’s too late
Ransomware attacks can be extremely clever. One of the best ways to understand your own vulnerabilities is to simulate a ransomware attack on your own system, discover where your weaknesses are, measure the ability of your business to detect and respond to the breach, and then fix the problems. One key learning to remember: according to techtarget.com, wireless guest networks are one of the most overlooked vectors of attack.
Simulating an attack on your own infrastructure shows where your weaknesses lie, which in turn tells you where you may need to invest as a priority.
3) It’s important to test the integrity of the software you use
Be more painstaking in testing the software on your network. Carry out a manual review: this allows for proper interrogation of code and updates, and is more likely to detect vulnerabilities.
4) Staff awareness of threats and risk could prevent most attacks
This sounds like common sense but is so often overlooked. At every step of the way, the most efficient method of limiting the damage from cyberthreats to your company is to keep yourself and your staff trained on the risks.
5) Don’t just check everything once – it’s a continual process
This part is important but frequently forgotten when people are busy. Build it into your calendar and make it a priority.
If you are concerned about cyberthreats and would like more advice on how to protect your business, we can offer solutions, including staff training and integrity checking.