Cybercrime has long been an issue for private businesses, citizens, and the public sector. New threats that have emerged over the past few years have also resulted in an increased focus on information security. It’s vital that organisations take cybersecurity seriously, and the statistics are there to back this up:
- Every minute, $2.9 million is lost to cybercrime1
- The average cost of a single ransomware attack is $1.85 million2
- The average ransomware demand climbed 82% since 2020 to a record $570,000 in the first quarter of 20213
Cybersecurity and data protection needs to be a priority for businesses, otherwise, the consequences can be devastating. That’s why staying up to date with current cyber security trends and continually adjusting your cybersecurity posture is critical.
Today, we’re going to examine some of the emerging trends in cybercrime that businesses should be on the lookout for. Let’s dive in.
#1: Vulnerabilities from continued remote working
Multiple cybersecurity risks have emerged due to the fact that many employees in traditional office jobs have spent a significant amount of time working at home over the last two years. While everyday life is largely back to normal, remote working is here to stay.
Despite the benefits remote working has to offer, it does create security vulnerabilities that leave an organisation open to attacks. For instance, phishing has long been a prevalent form of cyberattack, but it became the most widespread and most high-profile cybersecurity threat of the decade during the pandemic. Remarkably, phishing attacks rose 220% during the height of the pandemic compared to the yearly average.4
Cybercriminals used the pandemic to get unsuspecting individuals to provide them access to sensitive information. For example, elderly people received emails that promised them COVID-19 vaccinations if they provided sensitive data to criminals.
It doesn’t end there. Home devices used by employees to access business networks are not subject to the same security scrutiny as corporate devices. They often lack firewalls, antivirus programs, and other security features installed on corporate devices. As such, they open opportunities for cybercriminals to access networks, and each device is a potential doorway into a company network. Moreover, the blurred lines between personal and professional life increase the risk of sensitive information falling into the wrong hands.
#2: Increase in Cloud security threats
The rapid and widespread adoption of hybrid work models has seen the expansion of cloud-based services and infrastructure. Despite the scalability, efficiency, and cost benefits this can provide, it can also subject companies to more varied and sophisticated forms of cyberattack.
More traditional forms of attack are still very much prevalent on top of this. Insider threats pose a significant cybersecurity threat within the context of the cloud. Insiders are responsible for a whopping 43% of all data breaches, and these breaches tend to be more detrimental to businesses’ long-term prospects.
A company’s own employees can aid external attackers by stealing data deliberately and sharing it for personal financial gain. This can have disastrous consequences for businesses, including significant downtime on top of both reputational and legal costs that have long-term implications.
A careless employee can also unwittingly download sensitive data from a corporate cloud service and share it with a third-party, such as a vendor, thereby putting corporate data at risk. Internal threats can emerge due to poor or sloppy security processes. For example, employees with weak passwords or those accessing the company’s network with unsecured devices can unintentionally put companies at risk of a cyberattack.
Stay on top of the trends to keep your business protected 🛡️ – Configure your bespoke cybersecurity quote today!
#3: IoT Risks
The Internet of Things (IoT) is a collective term for the growing number of devices with sensors, processing ability, and other technologies that connect and exchange data with other devices over the internet.
Cars, smart door locks, medical sensors, smart security systems, and smart appliances can all be connected through the IoT. And as the internet evolves, more devices will join the list, with the number of connected devices (IoT) set to reach 27.1 billion by 2025.5
IoT devices can be beneficial to businesses in many ways. For instance, a business can use advanced IoT analytics to:
- Improve operational and supply chain efficiency
- Make data-driven decisions
However, this communication between devices opens them to vulnerabilities from external forces, attacks, or software bugs, thereby creating opportunities for cybercriminals.
For instance, with the advent of IoT devices, artificial intelligence (AI) is predicted to increase the cybercrime rate. AI and IoT are making it easier for cybercriminals to get an access point to networks and systems. Any device that can be connected to the internet can be hacked. And with the rapid advancement of artificial intelligence, IoT devices are facing security problems that are proving difficult to solve.
Worst of all, it’s harder to install firewalls, antivirus, and other security applications on IoT devices. This makes them even more vulnerable to cyberattacks. If malware attacks an IoT device, it could cripple the device’s functionality, and sensitive data can subsequently be stolen.
#4: Sophisticated social engineering
Social engineering is the act of manipulating people so they give up confidential information, including bank details and passwords. For example, a social engineering scam may involve someone masquerading as a legitimate employee to get sensitive company information from employees.
Social engineering may also involve a scammer tricking an employee into thinking they are legitimate customers to get the employee to provide sensitive customer information. These threats are by no means new but have recently evolved and increased in numbers, driven at least in part by the pandemic and the rapid shift to remote work.
Usually, social engineering involves email or text messages, but there is a range of techniques criminals are now deploying with some success, including:
- Vishing and smishing
- Sim jacking
- SMS phishing
- Tailgating or piggybacking
Social engineering can be tricky for organisations because it’s difficult to identify before hackers gain access to your systems. Moreover, it can take more than five months to detect a social engineering attack, which is why it’s one of the popular techniques for data theft. In fact, 98%6 of cyber-attacks rely on social engineering, and these types of attacks can victimise even an experienced IT professional.
Cybersecurity vendors can protect your business
The threat landscape is constantly evolving. With around 300,000 new pieces of malware being created every day, the threats to businesses continue to increase. Cybercriminals are also approaching their targets with a business mindset, combining social engineering with sophisticated technology to obtain sensitive data.
As such, staying on top of cybersecurity needs to be a priority for all organisations. Working with world-class cybersecurity vendors is the best way to enhance your cybersecurity posture without diverting significant time, money, and resources away from other crucial business operations. Working with external providers can give your organisation access to:
- Threat detection
- Updates and malware scanning
- Staff training on steps to improving cybersecurity
However, every business has unique demands. That’s why at Nexstor, we’re renowned for working with cybersecurity vendors to devise custom-made solutions, including Arctic Wolf. With over 15 years in the cybersecurity space, we have the expertise and resources to help you prepare and combat modern security threats. Get in touch with us today for more information on how we can help you combat these and other cybersecurity trends.