Last year proved to be another record breaker for cyberattacks, and the signs are already that 2022 will bring even more in terms of numbers, variety and levels of sophistication. In our latest article we look at the statistics and, more importantly, some of the steps you can take to protect your business.
2021: a meteoric rise in the number of threats
According to the 2022 SonicWall Cyber Threat Report, 2021 showed a “meteoric rise” in the number of cyberattacks across all threat types, including the following:
• SonicWall researchers recorded 623.3m ransomware attacks in 2021, a 105% increase over 2020
• IoT malware rose by 6%, with a total of 60.1m instances in 2021, lower than the 218% and 66% seen in 2019 and 2020 respectively. According to IoT Analytics, the number of connected devices grew by 9% in 2021 and so the good news is hopefully that these types of attack are levelling out.
• SonicWall observed that cryptojacking instances – an online threat that uses the resources of a computer or mobile to mine cryptocurrencies without the owner’s consent – rose 19% to 97.1m, the most ever recorded in a single year.
The escalation in the number of attacks was further confirmed by Check Point Research, who observed a 50% increase in overall attacks on corporate networks in 2021 compared to 2020, with weekly cyber attacks per organisation reaching an all-time peak in the fourth quarter of 2021.
The different types of cyberattacks
The most common types of cyber attacks in 2021 were as follows:
• Phishing – almost every day most organisations will experience an attempt at phishing, most being delivered by email, and accounting for over 80% of all reported cybersecurity incidents. There are a number of different types of phishing, each with the scammer posing as a legitimate institution in order to lure individuals into providing sensitive data such as personally identifiable information, banking and credit card details, and passwords.
• Malware – a form of software that can be hidden within a file or a program, the objective being to cause harm to a user at some future date using for example viruses, Trojan horses and spyware.
• Ransomware – a type of malware through which the attacker uses encryption to prevent users from accessing their files, then demands money to unlock those files.
• Data breaches – the exposure of confidential user information without authorisation.
• DDoS (distributed denial of service attack) – an attack that aims to shut down computers or networks, making them inaccessible to users. The attacker either sends information that triggers a crash or overwhelms the target with traffic.
• Man in the Middle attack – this is where communications between a victim and the entity with which it is trying to communicate are intercepted and, for example, bank account numbers are changed on invoices, diverting funds to the criminal. Alternatively a victim could be directed towards a fake bank website, inputting security details that are then used by the criminal to access the victim’s account.
How to reduce the risk of a successful attack
We have in past articles covered some of the precautions an organisation should take to reduce the risk of becoming another cyberattack victim. These are summarised as follows (see each separate article for more detailed information on steps that can be taken):
Ransomware: threats and precautions (7 September 2021)
We looked specifically at ransomware in this article, the forms it takes and how the attacks occur.
In order to reduce the risk of losses, the regular backing up of all of an organisation’s data is essential and it is advisable to take out insurance cover that will reduce the scale of the loss should a cyberattack take place. Putting in place measures to minimise the risk of a successful attack is best done without delay. It is important to be aware of the fact that recovering files from a backup and restoring encrypted systems is often more of a challenge than one expects – costs will soon mount as a significant period of time can pass before full access to files is restored, hence the need for insurance.
There are a number of basic precautions that can be taken to protect against the ransomware threat:
1. As outdated software applications and operating systems are the target of most attacks, it is important to ensure that these are regularly updated – make sure that your organisation is using the latest version of each.
2. All users need to be continually educated, heightening their awareness of malicious links and attachments to ensure they neither click nor download files from unsolicited emails. All users should continually be encouraged to “remain vigilant at all times”.
3. Everything needs to be backed up on a regular basis, keeping the backup completely separate from the original. That might be on a separate device, server or offline.
4. Institute basic safe practices such as:
• Strong password security
• All software should be kept completely up to date, installing the latest patches as soon as they become available
• The use of secure networks only, avoiding public networks where data can easily be intercepted
• Remaining alert, especially when unexpected emails arrive in an inbox
Cyber Security Update (22 April 2020)
We drew attention in this article to the number of attacks that were taking advantage of weaknesses arising from the fact that more of us were working from home, with many of the new scams initially targeting individuals rather than organisations. Many organisations have adopted a hybrid version of WFH, so the threat still remains. Of the attacks that take place, phishing attacks appear to be the most prominent, and the steps one should take to reduce the risk of these being successful were covered in our article “Cyber security risks and their management” (see more below).
Cyber Threats and Covid-19 (3 April 2020)
Having observed the increase in the number of individuals working from home as a result of the Covid-19 pandemic, in this article we first looked at steps that can be taken to protect files and devices:
1. Backup files on external hard drives or the cloud
2. Ensure you have installed the latest software updates for apps, browsers and operating systems, changing update settings to automatic. This is especially important in the case of anti-virus and anti-malware software
3. Protect devices and media with passwords that are not easy to guess (random combinations of letters, numbers and characters, different for each account etc) and never leave laptops unattended. Password managers make it easy to use different passwords for each different app and their inbuilt password generators ensure only the strongest passwords are used
4. Encrypt devices that contain sensitive, personal information
5. Make sure hardware used at home is up to the job – for example, ensuring your router offers the latest encryption methods and is protected with a strong, unique password
6. When using new apps such as Zoom for the first time, make sure that the default security settings are changed. It may be that passwords are not enabled, and choosing to generate random meeting IDs, setting meetings to private, removing the ability to re-join meetings or share files are all ways that can be used to enhance security
7. Using two-step authentication to gain access to apps provides another level of protection. Google Authenticator, as an example, is free to use and, for those apps that support it, means having only a password and user-name is no longer enough to gain access to an account
8. When sharing documents using Google Drive or Dropbox, for example, when given the choice between sharing a link or naming people use the latter. A link can be “re-shared” without your knowledge thereby making documents accessible to individuals outside of your control
9. Make use of software that only allows pre-defined teams access to both collaborative inboxes and associated file sharing – our own CompassAir messaging software being an example.
and for an employer
1. Understand the risks that your organisation has, both now and potential risks in the future
2. Have in place a plan to both protect against and respond to threats, importantly a plan that has been tested
3. Review the current controls and security in place for each potential threat
4. Train staff and heighten awareness and ensure that security practices are followed from wherever they happen to be
Email Scams: A Growing Threat (12 December 2019)
Back at the end of 2019 we looked in particular at the threat from “phishing”, emails that contain ransomware or other viruses which have the potential to cost you thousands, immobilize your systems and possibly even destroy your business.
The warning signs that an email is of the phishing variety include:
1. What it refers to is too good to be true
2. There is a change in detail, such as the bank account number of a supplier
3. Badly worded emails, as well as unexpected emails
4. Misspelt email addresses and domain names
5. “reply to” is different to a sender’s “from” email address
6. There is often a sense of urgency, the stressing of a need to reply without delay, rushing the recipient into a trap
The best form of defence against phishing emails is vigilance, to ensure that everyone within an organisation is aware and watches out for such emails.
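Warning signs 4, 5 and 6 above can also be checked automatically from an email's headers. The following is an added example, not part of the original article: the known-supplier domains, the urgency word list and the sample message are all constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumptions (constructed): domains the organisation normally deals with,
# and a few words that signal pressure to act quickly.
KNOWN_DOMAINS = ("example-supplier.com", "examplebank.co.uk")
URGENCY_WORDS = ("urgent", "immediately", "without delay", "today")

def domain_of(header_value):
    """Return the lower-cased domain of an address header, or ''."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def edit_distance(a, b):
    """Levenshtein distance: single-character edits needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def phishing_signs(raw_message):
    """Return the warning signs found in a raw RFC 5322 message."""
    msg = message_from_string(raw_message)
    sender, reply = domain_of(msg["From"]), domain_of(msg["Reply-To"])
    signs = []
    if reply and reply != sender:            # sign 5: reply-to differs from from
        signs.append("reply-to differs from sender")
    for known in KNOWN_DOMAINS:              # sign 4: near-miss of a known domain
        if sender and 0 < edit_distance(sender, known) <= 2:
            signs.append(f"sender domain resembles {known}")
    subject = (msg["Subject"] or "").lower()
    if any(word in subject for word in URGENCY_WORDS):   # sign 6: urgency
        signs.append("urgent wording in subject")
    return signs

# Constructed sample: note the digit "1" in place of "l" in the sender domain.
SAMPLE = """\
From: Accounts <accounts@examp1e-supplier.com>
Reply-To: payments@freemail.example
Subject: URGENT: new bank details, pay today

Please update our account number.
"""
print(phishing_signs(SAMPLE))
```

A check like this supplements staff vigilance rather than replacing it: a message with none of these header signs can still be fraudulent.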