The past year has been bad for infections. No, not the pandemic. The global plague of hackers, phishing scams, and ransomware. All those things were there before, but as we all took more and more of our business online, they’ve gone from occasional concern to the full-blown onslaught.
The pandemic forced more people than ever before to work remotely. Companies were not prepared for this sudden shift. The resulting holes were perfect opportunities for cybercriminals to take advantage. Take advantage they did, with reports of increases in hacking attacks anything from 30 to 250% in countries around the world.
It’s bad, but how bad? We looked at the statistics and figures.
Unprepared Remote Work Forces
The technology required for employees to work from home has existed for many years. But most companies have clung resolutely to the in-office work model. This meant that when COVID hit hard and fast, very few were ready.
Cloud-based intranets were created in massively protracted time frames, with limited testing. IT departments scrambled to find enough laptops and printers. Many turned to commercial tools like Zoom and TeamViewer, despite known security risks.
In the scramble, even basic security protocols fell through the cracks. Many didn’t even set up cloud backups until they were several months into the crisis. In short, it was the perfect type of chaos for hackers to exploit. By the time proof of breach filtered back to the IT department, it was too late to do anything to stop it.
Human Error Reigns Supreme
As much as we want to blame the cybersecurity breach pandemic on hardware and software, research shows that is not the case. In fact, human error is the cause of 95% of all cyber attacks.
Someone opens the wrong email attachment or visits the wrong link, and before they even know it, their system is infected. That infection then spreads through whatever network they have, and soon, it’s a company-wide problem.
Small Businesses Aren’t Immune
You might think that it’s only large corporations, governments, and major institutions at risk of a sophisticated attack. In fact, 43% of all recent cyber attack victims were small businesses. Worse, of those, 60% will eventually go out of business.
The average global cost of a data breach in 2020 was $3.86 million US dollars. That’s enough to put most small to mid-sized businesses in the red at best or out of business at worst.
Types of Cyber Attack
Cyber attacks are much more sophisticated than they once were. There are more people involved than ever before. In fact, most “hacks” don’t look like hacking at all. They’re usually file-based, and again, unprotected users voluntarily download them.
Malware doesn’t destroy computer systems. But it does install itself and quietly take advantage of security gaps. Many, like keyloggers, can copy and transmit passwords and security information. Others use unprotected email accounts to spread and replicate to all users in your address book. The malware itself might not destroy your system, but it can give attackers the tools to do that and more.
Ransomware has been around for a while, but it exploded over the last 18 months. Once downloaded, usually from a compromised email attachment, this software silently installs itself on the affected computer. It then copies all the files to the attacker’s computer and destroys your local copies.
Affected users realize that they cannot access their files, and then the ransom demand comes. If not paid within the stipulated period, often by untraceable cryptocurrency, the files are destroyed.
Phishing is the least sophisticated type of cyber attack that is prevalent right now. Instead of complex software, all it takes is a spoofed email that looks legitimate. Unwary users follow a link to update their login information. The attacker then captures it, who uses it for unauthorized purchases, bank transfers, and more.
Time Is of the Essence
Of course, preventing a cyber attack is the best idea. But if anyone in a company is affected by a cyberattack, time is of the essence. Coworkers and clients need to be notified of a potential breach. Files need to be copied and backed up as much as possible.
In many cases, the problem is that the software or emails that caused the attack and evidence of compromise could go unnoticed. Sometimes for weeks or even months. By that time, it is pervasive and hard to stop. There are several ways to prevent attacks and act as quickly as possible:
- VPN always on
- Beaconing Detection / Continues Compromised Monitoring
- Keep your antivirus software up to date
- Make sure that files automatically backup to a remote location or the cloud
- Train all staff to identify and avoid obvious attacks like phishing emails
- Opt for security software that pre-empts attacks
- Avoid using free software for meetings or screen sharing
As cybercriminals and attacks become more sophisticated, so should we.
Thank you for reading my article.