The year 2020 has been a universally challenging one. With the Covid-19 pandemic forcing us to accept a ‘new normal’ and change the way we go about our lives, this year has been tumultuous and chaotic to say the least. However, with the year drawing to a close, it is fitting to look back at the cybersecurity landscape of 2020 and begin to prepare for 2021. Cybersecurity has never been more important and, amongst everything that has happened, it is very much at the forefront of business owners’ minds. Cyber-attacks have some similarities with the Coronavirus pandemic: they are destroying businesses globally, they spread rapidly and they are not slowing down. As the New Year approaches, it is important to be mindful of the cybersecurity trends from the last year so we can be better prepared for the upcoming one.
Top Cyber Threats of 2020
1. Phishing Attacks
Phishing attacks remain one of the biggest threats to business cybersecurity for one simple reason: they work. They operate by impersonating a well-known source and then getting you to enter personal details and sensitive data, or to click a link which installs malware or downloads a virus. Over the years, cyber criminals have become more and more professional, so phishing emails can look legitimate and be hard to recognise. A 2019 study by Small Business Trends found that 1 in every 99 emails is a phishing attack. When you consider the number of emails sent and received on a daily basis, this is quite alarming. Training employees to recognise a phishing attack is vital.
2. Cloud Vulnerability
Businesses are increasingly relying on cloud computing to host their workloads and store their data. Although the big cloud hosts such as Google, AWS and Azure are investing huge amounts of money into cloud security, they are, unfortunately, not immune. Incidents, especially data breaches, are often a result of misconfiguration, as seemingly innocuous configuration changes can have big consequences. Additionally, many cloud users simply cannot recognise when something is off. A recent example of this is the Magecart attacks on retailers. Hackers used malicious code in customers’ online shopping carts to steal data, and this was only discovered after the fact. It is important to ensure that your cloud data is backed up, as this will help with disaster recovery in case of an incident.
3. Remote Worker Endpoint Security
This year, due to the pandemic, workforces have gone remote and employees are mostly working from home. However, there are risks that come with this in terms of cybersecurity. Employees are using their home networks and personal devices, the security of which you have no control over. Cyber criminals are aware of this and will try to access company data through targeted phishing and other cyber threats. To combat this, your company should have a strong remote access policy which outlines the security steps your employees should take. This should include a strong password policy, antivirus software, VPN use and a backup policy.
4. IoT-Based Attacks
The Internet of Things (IoT) is becoming more pervasive and the number of smart devices in our homes has increased hugely. Other than the obvious laptops and phones, our fridges, doorbells, TVs and home assistants often have WiFi capabilities. Whilst this can be convenient and useful, it can also pose a security threat. Cyber criminals can leverage WiFi-enabled devices to access your network. They can then access personal information, such as credit card details, or download malware onto your network. There was a case recently where someone hacked into a Ring doorbell camera to remove the footage of him breaking into the house. Having strong home network security and keeping your smart devices updated is the best way to prevent situations like this.
5. Ransomware
Whilst ransomware attacks on individuals are declining, the number of attacks on businesses is rising. Cyber criminals know that targeting businesses is far more lucrative as they have more to lose. IT Pro Today noted that the number of enterprise ransomware attacks detected rose by 340% between 2018 and 2019. The rise of cryptocurrencies has also helped fuel the increase in ransomware attacks, as ransoms can be paid anonymously. Moreover, ransomware is relatively simple and cheap to carry out and can have a high return, hence its popularity. In general, ransomware works by a hacker infecting a system, encrypting its data and demanding a ransom for its return. Having strong network security can help prevent attacks. Additionally, having a business continuity and disaster recovery plan in place is essential.
6. Unpatched Security Vulnerabilities
Hackers can exploit known security vulnerabilities in software, which can leave networks exposed. Patching your software is essential to ensure you always have access to the most up-to-date security and best technology. You should have a patching schedule to check for any updates. This is true of any software you have a licence for, but it is especially important for anti-virus software. Having anti-virus software is all well and good, but you will not have the full level of protection if you do not keep it updated.
7. Insider Threats
Not all cybersecurity threats are malicious; the 2019 Verizon Data Breach Investigations Report found that 34% of breaches are internal. These breaches are usually a result of negligence rather than malice. They can be a result of weak passwords, unsecured personal devices or home networks that are subsequently hacked by cyber criminals. It is critical that your business has a strong security policy and constantly trains employees in the importance of cyber security. It is also important to follow security steps when an employee leaves your company. Although they are probably trustworthy, it is not worth risking someone outside your business having access to your network.
8. Social Engineering
Cyber criminals are becoming more and more sophisticated, not just technologically, but psychologically too. Hackers take advantage of human trust and pose as people we know in order to extract information from us. They have moved on from the infamous Nigerian-prince-needing-money email and can now target us much closer to home. They can pose as your boss, your colleague or friends by using email, phone calls or even social media. Social engineering attacks are increasingly being used to get people to hand over personal details and sensitive information. You must remind your employees never to open an email that looks even slightly off and never to click links, or download attachments, unless they are 100% certain who sent them.
Cardonet can provide you with a comprehensive range of cyber security services to help you stay secure and, at the same time, help you demonstrate compliance with industry and regulatory standards.
If you are concerned about how cyber-attacks could affect your business in the upcoming year, call us on +44 203 034 2244 or +1 323 984 8908. Alternatively, you can contact us online. We will be happy to help you overcome your hotel IT challenges so that you can improve your guest experience and set your hotel apart. Cardonet have been working with businesses for the past twenty years to help them overcome their technological challenges. We have engineering bases in the United Kingdom, Europe and Southern California, and our group of highly experienced engineers is available 24/7 to assist and ensure that your IT infrastructure is secure and running seamlessly.