Cybersecurity is a living thing, constantly moving in new directions. The size and scope of attacks grow, the biggest cybersecurity threats change (although previous biggest cybersecurity threats rarely disappear), and the methods of attack evolve.
That’s why it is important for organisations of all shapes and sizes to stay on top of current cybersecurity threats. Understanding what the current trends are is how organisations can protect themselves against cyber attack when it comes. The information provided by cybersecurity agencies helps organisations build cybersecurity strategies that can help them reduce the risk of current cybersecurity threats becoming attacks.
What are the biggest cybersecurity challenges right now?
Increasing number of attacks: Cyber attacks in the UK are on the rise. The National Cyber Security Centre (NCSC) annual review 2021 reported that they were called to support 777 organisations following a major attack in the year to August 2021. This figure represented a 7.5% increase on the year before.
Another government report published earlier this year, the Cyber Security Breaches Survey, reported that 39% of all businesses reported a cyber attack or cybersecurity breach in 2020.
The actors behind these attacks are also changing. Some of the highest profile attacks mentioned in the NCSC Annual Review were attributed to nation state actors, particularly Russia and China.
Larger digital footprint: As the impact of the Covid-19 pandemic continues to push employees to work remotely, and organisations put in more and more technologies to support remote working, cyber criminals continue to take advantage.
The move to remote working has pushed many organisations to increase their digital footprint, investing in more systems, and investing in cloud-based solutions so that their remote workers can easily access their work. This in turn increases the attack surface through which they can be attacked (more about that later).
Lack of protections for employees: Remote working removes employees from the safety of the office network. Only 35% of organisations in the Cyber Security Breaches Survey responded that they deploy security monitoring tools, and only 32% undertake user monitoring, as it is more difficult when employees are working outside the network.
Keeping track of endpoints is also difficult, and pushing security products such as malware protection and program and system updates is also more difficult when employees are working remotely. Overall visibility of cybersecurity has reduced over the pandemic.
Furthermore, cybersecurity training for employees has decreased even as the risks have grown. The Cyber Security Breaches Survey reported that just 20% of organisations test their employees’ cybersecurity knowledge, and just 23% have policies that cover remote working, which could help employees stay safe when working remotely.
What are the biggest cybersecurity threats right now?
The top current cybersecurity threats contain some familiar trends, and some twists on old forms of attack. Below are three of the biggest cybersecurity threats, out of a list of many more.
Ransomware
Ransomware is one of the biggest cybersecurity threats facing organisations. Use of ransomware has been growing over the last few years, and the rate of ransomware attacks more than doubled between 2020 and 2021.
Recent ransomware attacks have used “double extortion” attacks. In these attacks the attacker will steal data before they encrypt it. This way, if an organisation does not pay the ransom because they have a backup in place, the ransomware gang can threaten to release their data unless they pay up.
This now puts further pressure on organisations to protect data at rest, rather than keeping it in plain text that can be accessed by criminals.
Supply chain attacks
The last year has seen an increase in high profile supply chain attacks. In a supply chain attack, attackers will target less secure organisations within a supply chain to move up and down the chain and gain access to as large a group of victims as possible.
The first attack last December was the SolarWinds hack, which exploited a vulnerability in a supplier (SolarWinds) to gain access to high profile organisations including the US Treasury, cybersecurity firm FireEye, and other government agencies across the US and even the UK.
In March, Microsoft announced that their Exchange Servers had been compromised by Chinese state actors. Microsoft is one of the world’s largest suppliers, and thousands of organisations of all sizes were impacted by this attack.
The Kaseya ransomware attack in July 2021 was a classic supply chain attack. Kaseya’s tool for managed service providers was compromised, giving the attackers access to their customers’ systems. In all, over 1,500 organisations were affected by these attacks, including the Swedish Coop chain, and dentists in New Zealand.
For smaller organisations such as small businesses and startups, supply chain attacks are a double threat. Small businesses may be the final victims of an attack on their supplier. Thousands of small businesses were impacted by each of the three attacks listed above even if they weren’t the primary targets.
Smaller organisations may also be the target for launching the attack – the broken link in the supply chain. The attacks above (other than the Microsoft attack) targeted smaller players with perceived weaker cyber protections.
Phishing and social engineering attacks
Phishing and social engineering are still popular forms of attack because people still fall for them. 80% of UK organisations reported that they experienced phishing attacks in 2020, in which criminals attempt to get regular employees to give them information or passwords that will give them access to an organisation’s systems.
The NCSC annual report mentioned that they saw thousands of phishing campaigns targeted at users, including 442 phishing campaigns using NHS branding, and 80 illegitimate NHS apps.
Phishing and social engineering are deceptively simple. A surprising number of people fall for them, inadvertently providing a launch pad for cyber criminals to enter systems and launch the types of catastrophic attacks listed above.
How to avoid cyber threats
Reading the headlines, it would feel as though the criminals always get their mark. However, just like an iceberg, the reality is that a large proportion of cyber attacks are repelled by organisations who have put effective cyber defences in place.
The NCSC annual report gives the example that the University of Oxford’s vaccination research team were able to repel a ransomware attack that would have severely disrupted their research. This was because they had followed a cybersecurity programme earlier in the year.
In another example that did make the headlines, Manchester United FC were able to minimise the damage of a cyber attack, again because of the quality of the cyber defences they had in place.
So how can organisations avoid cyber threats?
- Create a cybersecurity programme that includes policies, processes, and roles and responsibilities.
- Check for misconfigurations of networks and systems, and in cloud environments.
- Secure networks, systems, and cloud environments with protective technology such as firewalls, endpoint protection, anti-malware, and more.
- Protect sensitive data with encryption at rest and in transit.
- Create a backup schedule and store backups securely on a different network.
- Train employees to be safe – encourage strong passwords and help them understand their cybersecurity responsibilities.
- Create a measurement schedule to understand the success of the cybersecurity programme.