There’s every indication that the pandemic is changing the nature of cybersecurity. Online threats are evolving to match our new remote-work paradigm, with 91% of businesses reporting an increase in cyberattacks during the coronavirus outbreak.
Hackers are getting more and more sophisticated and targeted in their attacks. Many of these cyber threats have been around for a while, but they are becoming harder for the average user to detect. Beware of these four common types of cyber threats – and learn what you can do to prevent them.
1# Advanced phishing attacks
Phishing takes place when a hacker tricks an individual into handing over information or exposing sensitive data using a link (with hidden malware) or a false email. These types of security threats are quite common, but in recent months they are becoming even more advanced.
Microsoft’s recent survey of business leaders in four countries found that phishing threats are currently the biggest risk to security. Since March, 90% of those polled said that phishing attacks have impacted their organization, and 28% admitted that attackers had successfully phished their users. Recently, phishing emails have targeted enterprises to capture personal data and financial information using one of the following tactics:
- Posing as a provider of information about COVID-19 vaccines, PPE, and other health and sanitation supplies
- Creating false “portals” for business owners to apply for government assistance and stimulus funds during the economic shutdown
- Using download links for platforms and tools that help remote teams communicate, such as video conferencing
- Posing as “critical update” downloads for enterprise collaboration solutions, such as Microsoft OneDrive, and social media applications
- Targeting IT service providers that ask for payment in order to provide tech support.
Phishing is so effective because it can be very hard to recognize and targets individual people, rather than IT vulnerabilities. Yet, they are still ways to lower your risk of phishing.
How to prevent phishing: The best chance to prevent phishing attacks is to educate your teams on what to look for in a phishing message. Poor spelling and grammar, as well as an email address that doesn’t match the user, are telling signs of a phishing message. If an offer seems too good to be true, it is a good sign you’re being scammed. In addition to user education, you can add multi-factor authentication and other interventions to stop phishing messages from getting through. “Spam filters with sandboxing and DNS filtering are also essential security layers because they keep malicious emails from entering the network, and protect the user if they fall for the phishing attempt and end up clicking on a malicious hyperlink,” said one security expert.
Ransomware is a type of security threat that encrypts a victim’s files so they can’t access their information. The hacker then asks for a ransom – usually payment – to restore access and decrypt the user’s data.
How to prevent ransomware: First and foremost, it’s important to make sure your security protocols are kept airtight – and apply security patches as quickly as possible to prevent hackers from exploiting vulnerabilities. A tool like Nightfall can make it easier to maintain a strong defense, with AI monitoring your network for any issues. Multi-factor authentication can also prevent hackers from getting too far into your system. You should regularly back up your system so if a ransomware attack does happen, you’ll be able to recover some data.
3# Password-based cyberattacks
A password-based cyberattack is one that targets users who have the same password for multiple sites. Research from the World Economic Forum found that 4 out of 5 global data breaches are caused by weak/stolen passwords.
There are several different ways a hacker can infiltrate your system using a password-based cyberattack. The most common method is known as a brute force attack. This attack uses a computer program to try to login to a user’s account by trying all possible password combinations, starting with the most common and easiest to guess options – for instance, “1234” or “abcde”. Sensitive data like passwords, credentials and secrets are in constant danger of exposure, especially as more companies conduct the majority of their business in the cloud. The highly collaborative and always-on nature of cloud services make it hard to enforce good password practices. Therefore, organizations need data loss prevention (DLP) to secure essential data from being exposed.
How to prevent a password-based attack: Make it easy for users and security teams alike to circumvent the risk of password attacks by implementing password-free authentication methods. This is a type of authentication that requires a user to confirm their identity during the login process through a separate channel. This extra step can also protect your workspace in case there’s any account compromised or if a device gets stolen.
The internet of things makes life a lot easier – and also more open to bad actors. Connected devices are an increasingly popular target for cyber threats. In 2019, cyberattacks on IoT devices increased by 300%, according to one report. This includes attacks on everything from laptops and webcams to smart homes (like Google Nest), smart watches, routers, and other home appliances.
How to prevent IoT attacks: IoT attacks are sophisticated, and the best ways to protect your devices are to use strong passwords and keep your software up to date. Experts also suggest keeping your devices unlinked from social media.
Hope you have gathered a good knowhow about cybersecurity attacks and how to prevent them!
Latest posts by Sanghamitra Roychoudhary (see all)
- 4 Most Common Types of Cybersecurity Threats - February 20, 2021
- Role of Artificial Intelligence in Education - December 20, 2020
- Top 6 Things You Should Do to Be the Best Technical Recruiter - December 20, 2020