With a new decade on the horizon, many of the digital threats and cybersecurity gaps that plagued the previous one will persist and worsen. Additionally, as artificial intelligence (AI) and machine learning are adopted across an ever-widening array of industries, hackers are also using them to enhance the sophistication of their attacks. In fact, many recent widespread ransomware attacks were AI- and machine learning-driven.
In 2019, attackers unleashed a variety of new types of digital threats to increase their success. From ransomware to phishing scams to data breach attacks, cybercriminal tactics are becoming more targeted, complex, and costly. Email also continues to be an extremely popular attack vector, with 90% of cyberattacks initiated via email.
The current security posture of many businesses, including small- to medium-sized businesses (SMBs), is shamefully subpar. Based on a report by the Ponemon Institute, 45% of SMBs admit that their data security measures were insufficient for thwarting cyberattacks, with 69% of SMBs claiming that they experienced an attack that breached their intrusion detection systems.
Of course, not all hope is lost. Your business can still be one step ahead of cybercriminals by knowing and understanding the different kinds of digital threats:
Phishing — a type of scam that uses email and other messaging media to trick victims into providing sensitive information such as their account credentials and credit card details — remains the most commonly used method.
Given many organizations’ inadequate defenses, phishing attack variations are highly efficient and effective, resulting in data breaches and account takeovers. You can learn more about phishing and its impact from our previous blog, “How to identify and mitigate phishing attacks”.
Since their surge in 2017, ransomware attacks have not slowed down and continue to exhibit stealthier and more sophisticated techniques. Hackers mainly use the malware to lock victims out of their data and systems until they pay a ransom, but cyber-extortionists are starting to use ransomware to threaten to leak sensitive company data instead.
Fake Wi-Fi networks
A fake Wi-Fi hotspot is a clone of an authentic and trusted public connection that’s typically found in hotels, airports, coffee shops, and shopping malls. It can also be a private connection initiated by someone you know.
Authentic Wi-Fi networks can be hacked if they are not protected by a password. By copying the properties of the real wireless connection and applying them to a new Wi-Fi access point, hackers can put together a fake hotspot. When you connect to the rogue network, hackers can then steal your data.
Drive-by downloads are unintentional downloads of malicious code onto a computer or device. They expose users to further malware that collects and steals information, spreads to other devices, and carries out many other illicit activities. Victims pick up drive-by downloads from infected sites through ordinary surfing and are often unaware that their computers have been infected.
It’s easy to get frustrated over the reality of the threat environment. However, there is a host of new techniques that make it easier to mount a robust defense against these digital threats. Consider the following tips:
- Train and educate your employees – Your employees are your first line of defense. Every device and program they use may contain malware, so training them to spot red flags and apply cybersecurity best practices and policies can help prevent attackers from getting in.
- Use a strong, unique password for each account – Make it more difficult for hackers to crack your passwords by using ones that are hard to guess. Avoid using passwords like “password,” “1234,” or “iloveyou,” or those with personal information like birthdays or anniversaries. Also, do not recycle your passwords. Once a hacker cracks one account with a successful password guess, it will be easy to crack other accounts that use that same password.
- Use multifactor authentication (MFA) – MFA is a system that verifies a user’s identity by requiring multiple credentials. Instead of just requiring a username and password, MFA asks for additional credentials like a code from the user’s smartphone, a security question, or a fingerprint scan.
Cybersecurity is more than an expense. It is an investment that helps your bottom line by keeping your IT systems secure and preventing costly data loss, downtime, and reputational damage. With that in mind, let Graphus help your business strengthen its cybersecurity posture. Call us today and we’ll help you get started.