The threat landscape is constantly changing and evolving. Attack sophistication is growing, cybercrime actors are diversifying their modus operandi, and organizations continue to invest in technology to run their businesses.
As businesses worldwide migrate to the cloud and layer more systems into their IT networks to support remote work, enhance the customer experience and generate value, new vulnerabilities and attack opportunities for cybercriminals are introduced.
The figures ¹ below tell a thousand words about today’s threat landscape.
Ransomware is continually evolving, with new variants appearing, new ransomware groups emerging, and new techniques and tactics designed to make the most money from attacks. But the main problem with ransomware is not the technology itself but the disruption it causes.
According to Gartner®, in 2021 most ransomware attacks targeted mid-sized enterprises with fewer than 1000 employees (82%) ². While large enterprises may seem to be more lucrative prey and continue to be impacted (and certainly receive almost all the media coverage), ransomware remains disproportionately a small and medium-sized business problem. That’s because mid-sized businesses are more likely to underinvest in cybersecurity and struggle to properly secure their critical assets. This makes them very inexpensive targets. On top of being an easier target, smaller companies are often more appealing to cybercriminals because going after large, high-profile organizations brings a lot of heat on ransomware groups from law enforcement. As a result, criminals have slowed down their "big game" hunting, the targeting of large businesses and critical infrastructure, and now focus on smaller businesses, whose victimhood might draw less attention. The proliferation of ransomware attacks targeting midsize companies means that even those that don’t currently employ or engage a security team have a responsibility to act.
Unfortunately, the human element continues to drive breaches. According to Verizon, in 2021 82% of breaches involved the human element. Whether it is the use of stolen credentials, phishing, misuse, or simply an error, people continue to play a very large role in cybersecurity incidents and data breaches alike.
In today’s digital world, everyone knows that phishing is bad, but somehow it is once again one of the most common vectors for initial access and ransomware. The FBI’s 2021 Internet Crime Report analyzed data from 847,376 reported cybercrimes and found a sharp uptick in the number of phishing attacks, increasing from 25,344 incidents in 2017 to 323,972 in 2021. Advances in sophistication of phishing, user fatigue and targeted, context-based phishing have led to this rise.
While early email phishing attacks usually involved some poorly worded scam messages to trick users into sending money to fraudulent bank accounts, today’s phishing emails are sophisticated, well-crafted social engineering attacks. Threat actors start by doing their homework: they research their targets by looking into public employee profiles and postings, and they check the organization’s partnerships and overall activities in order to plot a very convincing attack. And it works. According to Tessian Research’s report Psychology of Human Error 2022, a follow-up to their 2020 report with Stanford University, 52% of people clicked on a phishing email because it looked as though it had come from a senior executive at the company — up from 41% in 2020.
With countless reports of ransomware incidents in the media, remaining defenseless is no longer an option. Here’s what to do to make sure your business is ready to fend off attacks in 2023.
The foundation of your protection should be a set of high-quality prevention security controls, providing wide coverage and applying different techniques to recognize malicious intent.
While zero-day and advanced persistent threats grab headlines and surely keep cybersecurity executives on high alert, most attacks leverage older, overlooked vulnerabilities. It is important not to overlook even the most basic preventative measures against cyber threats. This may include hardening your security infrastructure, gaining visibility into areas of potential vulnerability (i.e., humans and devices), as well as continually conducting cyber hygiene checkups of your ecosystem.
Most data breaches are caused by people, either due to lack of awareness and training, negligence, or plain error. And with phishing and social engineering attacks primarily tapping into human psychological elements and vulnerabilities, CISOs should place the human element in the middle of their cybersecurity strategy.
A change of mindset is needed from "cybersecurity is the responsibility of IT" to "cybersecurity is everyone’s responsibility." It is important for employees to understand how cyberattacks can impact their businesses and how to protect themselves. Increasing security awareness among employees should be an ongoing process that covers a wide variety of topics and examples of phishing, ransomware, and social engineering attacks.
The best protection against modern ransomware attacks is to implement a defense-in-depth architecture. A defense-in-depth architecture leverages multiple security measures to protect an organization's assets. The thinking is that if one line of defense is compromised, additional layers exist as a backup to ensure that threats are stopped along the way.
Start with reducing the attack surface, combined with automated prevention controls to prevent most security incidents. Sure, some security incidents will still happen. But major security breaches are avoidable with proper security hygiene, solid defense-in-depth strategy, and great security tools. Combine this technology foundation with mature security operations (in-house or through managed services) for greater efficiency and cyber resilience.
In 2023, the threat landscape will continue to be more varied and diverse. We expect ransomware to keep making headlines, human error to play a big role in security incidents, and organizations irrespective of size to strengthen their security posture and improve their cyber resilience.
¹ Source: IBM, Cost of a Data Breach Report 2022
² Gartner Ransomware in Midsize Enterprises
Gartner® is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and are used herein with permission. All rights reserved.
Bitdefender is a cybersecurity leader delivering best-in-class threat prevention, detection, and response solutions worldwide. Guardian over millions of consumer, enterprise, and government environments, Bitdefender is one of the industry’s most trusted experts for eliminating threats, protecting privacy, digital identity and data, and enabling cyber resilience. With deep investments in research and development, Bitdefender Labs discovers hundreds of new threats each minute and validates billions of threat queries daily. The company has pioneered breakthrough innovations in antimalware, IoT security, behavioral analytics, and artificial intelligence and its technology is licensed by more than 180 of the world’s most recognized technology brands. Founded in 2001, Bitdefender has customers in 170+ countries with offices around the world.