Cyber-attacks on businesses skyrocketed in 2018, with many organisations falling victim to data breaches on an almost weekly basis. Spear Phishing became more sophisticated and the EU’s General Data Protection Regulation (GDPR) came into force.
The Department of Culture, Media and Sport (DCMS) reported in its Cyber Security Breaches Survey 2018 that 43% of organisations of all sizes experienced a cyber-attack or breach in the last twelve months. This is made up of 42% of small businesses and 65% of medium to large businesses. Such breaches cost medium businesses an average of £8,180 and large businesses £9,260 in business downtime.
The DCMS reported that the most common causes of cyber-attack were staff members who received fraudulent emails (75%), others impersonating the organisation online (28%) and viruses and Malware (24%). Yet only 27% of organisations have a formal cyber security policy or policies. The same survey states that only 30% of UK organisations have a member of the board with sole responsibility for cyber security measures within their organisation.
In anticipating the major cyber security and privacy trends for the coming year, you can find plenty of clues in the events of the past 12 months. It is also predicted that cyber threats in 2019 will no longer consist of one route of attack but are likely to combine as many as five different techniques at the same time.
Around 4,000 Ransomware attacks occurred every day in 2018, and there are predictions that in 2019 there will be Ransomware attacks on organisations of all sizes approximately every 14 seconds by the end of the year. Building secure defences against ransomware is crucial. Ransomware encrypts the data in an organisation’s database systems and threatens to delete or corrupt company data unless a ransom is paid, which has the potential to cause the permanent loss of company data.
In addition to the more traditional type of Ransomware, a new type called Rapid Ransomware was first reported in the early months of 2018, and it could continue well into the new year. Rapid Ransomware stays active on a device after the initial encryption and encrypts any new files that are created. Auto-runs are created, and the ransom note is displayed every time the system is restarted.
Sophos provides endpoint security and Malware protection. It works by preventing the malicious and spontaneous encryption carried out by Ransomware, and keeps your business data safe by protecting against trusted files or processes that have been hijacked. Intercept X protects your business from all the main Ransomware strains including Rapid, Wanna Decryptor 2.0 (also known as WannaCry), Zepto, Locky, RAA Ransomware and many more.
Having a Disaster Recovery and Backup solution in this instance is also imperative, whether this is on-site, Cloud or Hybrid. All of these backup options have high availability. A Disaster Recovery and Backup solution ensures business continuity and enables data, networking equipment, hardware, connectivity and more to be restored in such unexpected situations. Business downtime of this sort can cost more than lost revenue, whether in the form of operations or legal liability.
Simple passwords and repeated use of passwords are key tools for cyber criminals, from novice hackers right the way up to nation-state players. Simple passwords remain the go-to security protection for the majority of organisations, despite the low cost and ease of deployment of multi-factor authentication solutions. Password theft and password breaches such as Brute Force Attacks will persist as a daily occurrence in 2019.
Two-factor authentication provides an extra layer of security that is designed to ensure that you’re the only person who can access your account, even if someone knows your password. Two-factor authentication makes it significantly harder for a hacker to access devices and online accounts because knowing the victim’s password alone isn’t enough to gain access to their profile.
Our blog on how to secure your business network explains two-factor authentication and more in detail.
Artificial Intelligence, or AI, and Machine Learning will become more widely used by attackers as 2019 progresses. 2019 will be the year of AI in many ways, and AI will find its way into several industries, with both positive and negative effects.
AI will analyse the available options for exploit and develop strategies that will lead to an increase in successful attacks. AI will also be able to take information gathered from successful hacks and incorporate that into new attacks, potentially learning how to identify defence strategies from the pattern of available exploits. This evolution may potentially lead to attacks that are significantly harder to defend against.
Phishing and Spear Phishing will continue to be a major cyber security threat in 2019. These email-based attacks will grow more frequent and sophisticated, and organisations of all sizes will need to find ways of reducing risk and better detecting threats that land in their inboxes.
Microsoft 365 has a built-in anti-phishing feature called Advanced Threat Protection. When a user is covered by an ATP policy (safe attachments, links or anti-phishing), incoming messages are evaluated by multiple machine learning models that analyse the message to detect impersonation attempts, unsafe attachments or links. ATP anti-Phishing protects your organisation according to the policies that are set by your Microsoft Office 365 global or security administrators.
Phishing attacks can also be simulated within Advanced Threat Protection. This resource can help to educate your end users so that they don’t fall prey to malicious phishing attacks.