As 2020 moves into its second month, the cyber security experts at our partner security company, Webroot, have made their predictions for the year ahead. The cyber security analysts do expect that many of the trends they have been watching throughout 2019 will continue, hence the importance of user education, as is the awareness of AI-enabled cyber attacks.
Targeted ransomware will continue to disrupt businesses
Expect strong and highly targeted ransomware throughout much of 2020.
Ransom-motivated cyber attackers will watch automatic backup solutions and make attempts to remove and change the backup data, or even amend the task itself. Note that we have just taken on a new client last week who had this exact issue and their entire backup data was encrypted and unrecoverable.
We should continue to expect threat actors like these to continue to gain access to networks from where they can observe financial transactions and valuable information before deciding on the most profitable way to effect their targets through cyber fraud.
Phishing will also become far more targeted as the data collected from tens of thousands of breaches is incorporated into phishing emails. Such as displaying familiar passwords and recent transactions will attack the psychology of the victim which could do enough to convince people that the phishing email is authentic.
So the continued advice is to ensure email filtering with advanced threat protection has been enabled for your business, together with regular security awareness training for your staff so that they know what to spot and also what to do/not to do.
Small and medium-sized businesses are at the highest risk
Research carried out regarding cyber security readiness among small and medium-sized businesses (SMBs) continue to be poor. Although SMBs are falling victim to data breaches and other attacks regularly, the attitude still exists for many that they are either too small or that their data isn’t valuable enough to warrant an attack from a cyber criminal. This is categorically untrue.
Webroot found that 71% of SMBs admitted that within 24 months of experiencing a data breach or cyber attack, they faced, “operational disruption, reputational damage, significant financial losses or regulatory penalties” as a result.
And this will still continue throughout 2020.
SMBs will continue to be targets for cyber criminals because they maintain vulnerable unsecure environments. Unfortunately SMBs assign a low budget to cyber security, may not know who to speak to around improving cyber protection and therefore their reticence is usually from a point of ignorance surrounding cybersecurity.
The research found that 36% of SMBs had no full-time staff dedicated to cyber security and that the SMBs typically targeted by cyber criminals had under 50 employees. In these businesses it usuaslly fell to a single IT admin or someone in finance or operations to head up their company’s cyber security. This person both had lack of knowledge and budgets assigned.
Look to have your day-to-day IT and cyber security requirements outsourced to an IT Company. This will not only ensure protection from existing and emerging cyber threats by IT security experts, but will form a positive part of your overall business continuity plan.