An evolving Cyber Security landscape
With the COVID-19 global pandemic and the entire world switching to remote working in 2020, we have taken the time to reflect upon how the IT security space changed.
Experts have looked back at some key aspects that shaped cybersecurity during the year of the pandemic, and we now have an idea of what to expect in 2021.
We may have started a new year, but the world remains in the grip of the virus; and making projections into the future is as hard as ever. These are uncertain times, but if there is something we know, is that cyberattacks have evolved and expanded – and the urge to safeguard organisations against cyber threats is unquestionable.
The overnight shift to remote working has been critical to many organisations. Cybercriminals have pounced on the innate vulnerabilities of dispersed workforces and their IT systems, looking for gaps to exploit.
Our partner in IT Security, Sophos, published their 2021 Threat Report, highlighting how cybercriminals have upped their game and used fears of organisations to their advantage.
Amongst the key takeaways from Sophos’ report, it is confirmed that ransomware continues to be a daily threat. Click here to access the report.
Take a look below as we go through some of the latest trends in cyber security, and tell you what to watch out for this year, and what business leaders can do to ensure their organisations are protected.
Trends in cyber security impacting remote working
1. Remote working leading to increase in ransomware
The escalation in ransomware threats has been a notable trend for the past months. Ransomware is a form of cyber-extortion, and while it has been going strong for many years, it took a turn for the worse in 2020, a.k.a. the year of the pandemic.
More and more ransomware attackers have focused on tightening the screw on the victims with data exfiltration and extorsion. Some of the latest attacks have seen malicious operators innovating with their threats to publish, sell or auction stolen data if no payment is made.
With attackers deploying a range of new and more complex ways to ensnare their victims, businesses have had to innovate to stay protected against risks. The focus is on assessing their preparedness to fend off attacks.
Many remote workers are using their own devices and personal Wi-Fi connection for work. This practice is not as protective and strong as a corporate network, leaving them at risk of attacks.
As employees keep using their own networks, we can expect cybercriminals to continue to take advantage of the situation.
But we also expect businesses to become more adept and tighten up their security protocols for remote employees.
In the meantime, remote workers will need to stay alert and watch out for scams and other phishing attacks.
2. More social media attacks
Social media is used by not only individuals, but virtually every business too – and business accounts on social media are also at risk.
Cyber attackers are expanding their tactics to social media, and their target now goes beyond individuals, to reach businesses as well.
Why attack on social media platforms? Well, most social channels count with poor authentication and little verification, which increases rate of success for the attacker.
While working remotely, employees need stay vigilant when posting, signing up for online events, or communicating on their own or on behalf of the business.
3. Increased focus on senior employees and individual workstations
The latest evidence suggests that senior employees have become a target and are currently those most likely to need ransomware protection. Senior members of staff are frequently in a position to authorise payments, which makes them more vulnerable.
So, it seems that cyber criminals are making a point of targeting c-suite staff members and high-ranking individuals.
Similarly, attackers are increasingly focusing on individual workstation, rather than company-wide IT infrastructure. They are doing this looking to acquire personal information, which they can then use to threaten or embarrass senior employees.
So far, the type of ransomware attacks that targets individuals has been used by groups under a strain known as “Clop” ransomware. This strain of malware has been around for just over a decade, and it seems clear that other criminals are adopting similar strategies to attack.
4. Automations posing a cybersecurity threat
Organisations have tried to merge their security solutions for remote workers, in order to reduce costs. In doing do, businesses have applied hyper-automation to automate many processes with different tools like artificial intelligence (AI), machine learning (ML), and robot process automation (RPA).
Unfortunately, these automations have posed a risk. Hackers are using automation too in order to attack business networks and systems. The attackers look to spot patterns and find vulnerabilities in systems, then collect data and repurpose it to train the malicious systems, and attack similar software.
An article by Dark Reading explored the malicious use of AI, and how antivirus and cyberthreat intelligence systems are using machine learning to become more efficient.
Therefore, we should be prepared for artificially intelligent cyber attacks to become more common. To stay protected, businesses need to use endpoint security systems. Reportedly, less than 50% of businesses with remote employees are using endpoint security systems.
For 2021, we expect to see a rise in the number of employees becoming more accustomed with endpoint cybersecurity systems.
How to stay protected against threats
With remote working continuing to be the norm, it’s important that businesses take the necessary measures to protect their employees and their organisations.
Here are some of our tips for keeping up with IT security standards and stay secured against risks.
- Keep software updated
As IT specialists, we know how crucial it is to keep software up to date to eliminate vulnerabilities in apps. It’s vital to keep your software always updated, to benefit from the latest security measures. Where possible, select the auto-update option. If in doubt, contact our team and we will help.
- Install antivirus and cybersecurity software
An obvious but essential practice – antivirus is crucial in the battle against malware, phishing and other types of online and offline threats. The most effective measure is multi-layered protection on your devices.
- Train your staff
Training can go a long way and empower staff to learn key security practices. Training provides tools for employees to protect themselves and the organisation. This can be delivered often and in small doses – for instance, with reminders around the importance of virtual private networks (VPNs) and on the awareness of phishing emails.
One of the first lessons is to always check the sender. Inform your staff that is they receive a suspicious message or email instructing them to click a link, the first thing to do is to check the sender’s details and try to authenticate the link. If in doubt, staff should know to delete the message and report it.
Getting an MSP to look after your business IT support | Glasgow, Edinburgh and across the UK
Remote working is here for the long haul, and to ensure businesses can operate efficiently, their IT function needs to be in top tip shape, with excellent management and strong security measures at the core.
That’s where we come in – as experts in business IT support, we help companies to run smoothly with minimal disruption, prioritising security practices to protect employees, IT equipment and infrastructure.
Understandably, when lockdown came into force, some organisations were thrown off course when they had to send their staff to work from home. The good news is we can help with migrations and IT moves even during lockdown.
If you are feeling uncertain about remote working practices and implementation of IT security measures, just get in touch and we will be happy to have a chat about how we can help.
We at Euro Systems are an established Managed Service Provider (MSP) for IT support in central Scotland. We can help with the latest antivirus services, multi-factor authentication, endpoint security and ransomware protection, and much more.