The past few years have been big for cybercrime, from major nation-state attacks to the ever-evolving wave of new threats facing businesses and private users. Are you prepared to stay secure through 2023?
New Cybercrime Trends You Need To Know About
With each year that passes, cybercrime tactics and weaponry continue to advance, and cybersecurity defenses struggle to keep pace.
For small businesses, the situation is especially dire. According to a study conducted jointly between Cisco and the National Center for the Middle Market, over 50% of small businesses have no cybersecurity strategy or plan in place and for those that do, most have not reviewed the plan in over a year.
A cybersecurity strategy and plan, once created and adopted, must be reviewed at least annually to ensure that current threats are considered.
Cybersecurity is not a one-and-done solution; the threat landscape evolves at a rapid pace and frequent reviews ensure that the plan will help reduce an organization’s cyber risk profile. That’s why you need to be aware of the greatest threats to your business and plan against them.
Trend #1: The Threat Of Cybercrime Is Evolving
Every day, cybercriminals attempt to adapt their methods to overcome new standards and defenses in cybersecurity. Nowhere is this more evident than with ransomware.
Just a few years ago, ransomware wasn’t as big of a concern. While high-profile incidents like the WannaCry attack on the NHS were concerning, they were far and few between. If you had a recent backup of your data in place, you could rely on that to replace your data in the event it was encrypted by ransomware.
Since then, however, the way cybercriminals use ransomware has evolved. They have improved their tactics and capabilities, allowing them to do much more damage, and demand much more money.
Characteristics of modern ransomware attacks include:
Sophisticated attackers sneak ransomware into a breached network and then lay dormant for weeks or months, ensuring their method of entry isn’t discovered right away. This gives them time to embed themselves, steal data, and more, all before they actually activate the ransomware and infect the systems.
Without undertaking extensive forensic processes, an infected business won’t know how far back they need to go to back up their systems. Or, even worse, it will be so far back that they’ve already expunged those backups to make room for more recent versions.
Modern forms of ransomware can even target and infect backup hard drives and cloud-based data if the connections are left unsecured. That’s why cybersecurity professionals are now recommending digitally-air-gapped backups as well.
Given the effectiveness of modern ransomware attacks, defensive methods and best practices from just a few years ago are already losing feasibility. All of this is to say that you can’t assume you won’t be infected at some point.
Your Ultimate Ransomware Defense Checklist
- Deploy a next-generation antivirus solution that uses AI-based capabilities to monitor activity and detect ransomware in real-time.
- Have a policy in place that verifies software updates are being applied in a timely manner. Unpatched software can be exploited by cybercriminals to infect your systems with malware.
- Access controls should be configured so that shared permissions for directories, files, and networks are restricted. The default settings should be “read-only” access to essential files, with limited permissions for write access to critical files and directories.
- Implement Multi-Factor Authentication to protect accounts from access with breached passwords.
- Train your staff to ask themselves these key questions before opening an email:
- Do I know the sender of this email?
- Does it make sense that it was sent to me?
- Can I verify that the attached link or PDF is safe?
- Does the email threaten to close my accounts or cancel my cards if I don’t provide information?
- Is this email really from someone I trust or does it just look like someone I trust? What can I do to verify?
- Does anything seem “off” about this email, its contents or sender?
- Macro scripts in email
- Files running within AppData or LocalAppData folders
- Remote Desktop Protocol capabilities (unless needed, in which case they should be limited to internal network use)
- Software restriction policies should be created or other controls implemented that prevent the execution, especially in the common locations where ransomware lurks, such as temporary folders used by the most common web browsers.
- Have an annual security audit and penetration test performed to determine how vulnerable your organization is.
- Data backup best practices:
- Back up data on a regular basis (at least daily).
- Inspect your backups to verify that they maintain their integrity.
- Secure your backups and keep them independent from the networks and computers they are backing up.
Trend #2: Cyber Insurance Is More Expensive And More Complicated
The worldwide cyber insurance market USD $7.60 billion in 2021 and is expected to nearly triple by 2027. During the past years, as many of our client’s cyber insurance came up for renewal, a clear trend has emerged.
Cyber insurance carriers are requiring more sophisticated written cyber policies, tools, training, and disaster recovery systems before processing the renewal, and in many cases are also significantly increasing premiums for individual cybersecurity risk items that are not being addressed.
This has nothing to do with whether there has been a claim or not in the past, and everything to do with what steps the applicant must now take to address cyber security risk. All the carriers now have additional forms filled with cybersecurity questions that must be answered accurately before the carrier will renew the policy.
Have you been researching cybersecurity insurance, but aren’t sure if you qualify? Before you can secure coverage from a carrier, you need to do your due diligence and enhance your cybersecurity.
Cybersecurity insurance is protection designed specifically to help cover the potentially massive expenses associated with an unavoidable data breach. It can be a worthwhile investment, so long as you know how it works.
The somewhat inevitable nature of modern cybercrime has led businesses to consider cybersecurity insurance as a final layer of reassuring protection.
In fact, it’s becoming more and more necessary, as many insurance providers have begun drawing a clear line between normally covered losses, and those incurred by cybercrime-related events.
That means that if your cybersecurity doesn’t meet the standards of your insurance provider, you may not be as well covered as you think.
In order to determine what type of cybersecurity insurance you may need, it’s important to start by taking stock of your business and the potential threats posed to it:
Evaluate your system infrastructure
The best way for you and your team to determine the kind of coverage that is best for your business is to understand your IT infrastructure. By evaluating your systems from top-to-bottom, you’ll have a clear idea of all the different access points that could be leaving your network vulnerable to threats.
Improve your security to reduce rates
Don’t forget to look into how investing in your cybersecurity could save you money on premiums. Open up a dialogue about it with your potential Cybersecurity Insurance provider and see what they suggest.
Identify your risks
Next, it’s best practice to conduct a risk assessment and an impact analysis. Carefully review all your business’ assets—including financial data, customer information, and intellectual property. Categorize assets according to their risk and make considerations for the potential impacts that a data security event could have on all aspects of your business.
Trend #3: Nation-State Attacks Are On The Rise
Remember the nation-wide cyber incident in Costa Rica? Ihe infamous Russian cybercriminal group Conti launched a cyber attack on 30 institutions connected to the Costa Rican government. They extensively infected the government’s systems with ransomware, resulting in a near-total shutdown of the nation’s finance industry.
During the downtime, the government was unable to manage taxes, payroll, social security payments, and other citizen-based financial needs. At the same time, Costa Rican citizens began receiving WhatsApp spam messages to further threaten their security.
In the course of the government’s shutdown, they lost an estimated $30M USD per day.
Conti demanded a $10M USD ransom from the Costa Rican government and threatened to leak private citizen data if their demand was not met. Numerous countries including the US offered technical assistance during this bout of downtime.
To make matters more complicated, the Costa Rican government was also going through an election at this time. When the new President, Rodrigo Chaves Robles, took office, he declared a national state of emergency, and classified cybercriminal action as a terrorist activity.
Months later, Costa Rica is still reeling from the attack. They have suffered follow-up attacks by other cybercriminals on other institutions such as the Costa Rican Social Security Fund and healthcare system, and continue to go through the process of recovery and remediation.
The government has refused to pay the ransom and has worked continually to provide critical services in light of systemic IT issues stemming from the attacks.
Often originating in Asian and Middle Eastern countries, nation-state cyber attacks are unique in their danger because they are often executed with greater resources and near total immunity from any sort of justice when compared to garden variety, US-based hacks.
For example, in mid-2019, Microsoft warned more than 10,000 users that their personal data may have been affected by nation-state attacks originating in Iran, North Korea and Russia. 84% of these attacks targeted businesses, and the remainder went after individual accounts.
Many respondents in a report by Radware noted anxiety in using newer networked devices and smart technologies that are not necessarily as secure as conventional onsite IT environments.
Are You Sure Your IT Company Is Keeping You Secure?
You can’t assume that all IT companies deliver the same degree and quality of cybersecurity support.
You would be shocked at what the I.T. Matters team has uncovered during our assessments of new clients’ systems. Repeated passwords, unprotected endpoints, missing MFA, the list goes on.
Selecting a company to maintain your technology is one of the most important decisions you can make for your business. You must find the most competent and reliable IT support provider in your area.
Need Expert Cybersecurity Guidance?
Don’t let basic cybersecurity put you at risk, and don’t assume you have to handle advanced cybersecurity all on your own—I.T. Matters can help you assess your cybersecurity and develop a plan to enhance it.
You can start improving your cybersecurity by getting in touch with our team.
Would you like to reduce frustrations with technology and boost operational efficiency within your business? The I.T. Matters team partners with companies of various sizes to help you create a secure, scalable, and flexible technology infrastructure.
Exceptional customer service is at the foundation of everything we do – ensuring that IT projects fully align with your business goals. Our friendly and knowledgeable team continually reviews industry trends and government regulations to help reduce risk and create a more productive IT environment for your business. Whether you are looking for full-service, outsourced IT infrastructure support, or simply need help with an upcoming technology project, contact us to help!