Cybersecurity threats are constantly evolving. What are the top issues that you need to know about in 2019?
Cybersecurity is a constant game of cat-and-mouse, with cybercriminals and security experts constantly in constant competition. What is at stake? The sensitive information at the heart of your business!
This is why it is important for all business owners to be informed – to understand how cyberthreats are changing and the best actions that you can take (as a non-IT specialist) to neutralise these threats.
The volume of malware attacks reduced in the first half of 2019 by 20%. However, with 4.8 billion attacks in 6 months, this is a security threat that won’t be going away any time soon.
The main cause for concern is that whilst the volume of attacks decreased, the number of attack types increased by 45%. The more attacks there are, the higher the chance that your security system won’t have seen that attack before – and may therefore let it through.
Firewall company SonicWall identified 1,078 new malware variants every day for the first 6 months of 2019. They also identified 74,360 entirely new types of malware which had never been seen before.
How you can protect yourself: Using security software with machine-based learning and behavioural detection capabilities is critical.
Machine learning (also described as artificial intelligence) is used by security software systems to understand the characteristic of malware. It then uses its knowledge to predict whether files which have not yet been identified as malware could be suspicious. As the system deals with malware, it continually improves its predictive abilities.
Behavioural detection is a technique used to understand malware on a ‘behavioural’ rather than a ‘code’ level. This means that even if a cybercriminal completely rewrites the code on a particular piece of malware, if the malware tries to execute the same actions it will be identified. This reduces your exposure multiple variants of the same type of malware.
Encrypted threats grew by 76% in the first half of 2019 – the fastest growing category of cyberthreat.
Encryption essentially encodes your data – only the person with the encryption key can make sense of it. Used for legitimate purposes, it is an important way to prevent a data breach. Even if cybercriminals do manage to access your sensitive data, they will not be able to make sense of it. If you store any company data on cloud platforms, you should ensure that it is encrypted both in transit and at rest.
However, cybercriminals have taken the impenetrability of encryption and used it to their advantage. They hide attacks behind encryption in order to make it harder or impossible for cybersecurity software to identify and neutralise them. Given the potential advantages of encrypted attacks for cybercriminals, it is unsurprising that this category of attacks has increased so rapidly. Phishing attacks, ransomware attacks and other types of cyberthreats can all be encrypted. We expect this type of threat to continue increasing throughout 2019 and 2020.
How you can protect yourself: High quality cybersecurity software providers understand the danger of these attacks and have created programmes within their products to identify and stop encrypted attacks. Check with your provider if protection from encrypted attacks is included in your firewall, anti-virus and email security. If it isn’t, we recommend that you consider changing provider.
Ransomware attacks saw a 15% increase worldwide, with a huge 195% increase in the UK.
Within ransomware, there has been an increase in ransomware-as-a-service, where criminal networks lease their ransomware to multiple cybercriminals, as well as open source ransomware content kits that are available to all would-be hackers. This suggests that the number of ransomware attacks will continue to grow, as it is relatively low effort for cybercriminals to implement.
How you can protect yourself: Ransomware is difficult to catch and can be business-ending if you become a victim. You need a firewall, anti-virus and email security software to fully protect yourself. You also need a good back-up or business continuity solution to minimise the impact if the worst does happen.
Internet of Things
Computing devices are increasingly being embedded in everyday objects – from fitness trackers to a fridge that one determined teenager managed to tweet from when her phone was confiscated.
This sector is growing at breakneck speed, with technologists predicting according to Forbes, that soon your alarm clock will notify your coffee machine to start brewing and your car will rearrange meetings when you’re stuck in heavy traffic.
However, unfortunately many of these devices are being created without security in mind. Some have been found to have weak passwords that cannot be changed or vulnerabilities that allow for hackers to gain access remotely and control cameras through the internet. Once a hacker has an entrance through an IoT device, it is then easier for them to hack into your entire system.
With this in mind, it is unsurprising that the number of attacks on IoT devices grew by a huge 55% in the first half of 2019.
How you can protect yourself: Be wary before you buy that fancy gadget – it’s worth doing some internet searching to find out if the device or similar devices have been compromised before. It may be worth investing in a slightly more expensive product with a better security record.
If you do decide to buy an IoT-connected device for your business, make sure that your business has a firewall and that you connect the device to your protected internet source. This will act as an initial barrier between cyberthreats and the device.
You also need to think about where else you could be using the device – there’s no point carefully protecting your work network and then being hacked when you use your device at home.
Protecting Yourself from Cybersecurity Threats
Having a comprehensive suite of computer security tools is critical in protecting yourself from cybercriminals – as discussed a firewall, anti-virus software, email security software and comprehensive back-up are the minimums that you need.
However, the quality of these products are important to. Increasingly, encrypted attacks and new variants of attacks are used by hackers in order to try and bypass your information security systems. You need advanced systems that do more than just stop known attacks. They need to use features such as behavioural detection, machine learning and predictive analysis to catch malware before it has installed malware rather than afterwards. As technology has advanced, these products have become more affordable and cybersecurity companies have created SME-specific as well as enterprise-focussed offerings.
The volume and sophistication level of attacks will continue to grow throughout 2019 and beyond. Your business needs to be aware of the potential cyber-threats and what you need to do to protect yourself from those looking to steal sensitive information and harm your organisation.