A New Cyber Landscape
In an ever-evolving world of technology, it seems we are always one step-behind. Just as the iPhone X was coming out, I was upgrading to a 7S. A new app came out that helps you manage your expenses. Meanwhile I think the excel document I have developed (fancy formulas and all) is the bee’s knees. The point is, we can’t keep up with our technology.
The same is true of our technological defenses against cyber-attacks. According to the 2019 Webroot Threat Report, 93% of malware observed was polymorphic. Poly what? This means that it can change its code to evade detection. Everyday cyber criminals are coming up with new, inventive ways to monetize defenseless technology.
It’s Not a Matter of If – It’s a Matter of When
Information theft, loss or attack is now the number one crime against organizations. According to the ENISA Threat Landscape Report of 2018, these crimes have now surpassed physical theft which was the leading crime against organizations for a decade.
The University of Maryland did a study that found malicious hackers are now attacking computers and networks at a rate of one attack every 39 seconds.
In a survey done by Imperva, 78% of surveyed organizations were affected by a SUCCESSFUL cyber-attack in 2018. (Imperva 2019 Cyberthreat Defense Report). If you think it can’t happen to you, you’re wrong. No business is too small or too large.
It’s an interesting landscape you are facing as a security industry. Your life’s work is preventing loss of physical property. I can’t imagine a security company that doesn’t have a system on their own building. You do an amazing job at protecting physical assets, both for your customers and yourself, but what have you done to protect yourself against the new leading crime against you?
New Wave of Cyber Threats
As research organizations have taken a step back and reviewed the 2017 – 2018 data for cyber-attacks, they have noted that Ransomware attacks are on the decline. We should really qualify this statement – SUCCESSFUL Ransomware INFECTIONS are on the decline. Microsoft Security Intelligence Report states that ransomware infection rates “declined approximately 60% between March 2017 and December 2018”.
There are many theories as to why this decrease is occurring. One is that companies are choosing to simply pay the ransom to regain access to their system and prevent further infection. The second is that organizations have become savvier in their efforts to protect themselves. Primarily, by backing up their systems. This makes ransomware attacks much less lucrative for hackers.
Since hackers are opportunistic, they have moved on to other forms of cybercrime.
The most current “in-season” crime is Crypto jacking. Cyber criminals now spread malware that infects your computer and unlawfully uses your processing power to mine crypto currency such as Bitcoin or Monero. Crypto jacking attacks have increased by 400% in 2018 (2019 Internet Security Threat Report by Symantec). During the first half of 2018, it was estimated that crypto miners have monetized their users for more than $2.5 Billion. Cyber criminals are moving to crypto jacking as it is simpler, more profitable and less risky for them.
Dare I say that it seems innocent enough as you wouldn’t necessarily notice someone is harnessing your processing power for their own greed? The issue is, they wouldn’t just be tapping into your office computers, they can tap into any devices related to your business. The effect for you – wear and tear on your systems at a rate unimaginable, exposing your system to additional cyber threats (there’s already a window open) and causing slowdowns in your processing systems impacting your ability to do business.
Oh, The Ways We Can Be Hacked
While we might not be able to keep up with technology, cybercriminals are quick to find ways to get around our security efforts. In 2018, supply chain attacks grew by 78% (2019 Internet Security Threat Report by Symantec). Cyber criminal’s tactics generally leverages available information. According to Microsoft, 62% of network intrusions are the result of compromised user passwords and usernames.
In addition, malicious software is now taking aim at mobile devices. The downloading of apps onto your mobile devices could be introducing malware into your system. 27% of malicious apps were found in the lifestyle’s category followed by Music & Audio and Books & Reference. Third party apps host nearly all malware discovered. Third party apps are apps that are made by someone other than the manufacturer of the mobile device or its operating system.
Seemingly innocuous documents such as Word, PowerPoint, Pdf or Excel account for 52% of all malicious file extensions. This is a result of hackers preying on our “click” culture.
No, I don’t mean the jocks, nerds or theatre groups – I mean our inability to avoid the urge to “click” on a document, “click” on an advertisement, “click” on that friend request…click, click, click…
What is a Company to Do?
Cybercriminals will always be attempting to access your system and use it to make a buck and, eventually, they will. There are ways, though, that you can protect yourself and be prepared for when it happens. It’s a good idea to invest in processes and procedures aimed at managing your risk – email monitoring, constantly updating technology, filters, backing up your systems regularly and educating your employees.
Additionally (and I like to think most importantly), purchase value-added insurance. Behind Security America’s extraordinary cyber insurance is industry pioneer, Beazley. Beazley has helped clients handle over 5,000 data breaches since the launch of its flagship product, Beazley Breach Response, in 2009. Handling that volume of breaches, you learn a few things about identifying and reducing risk. Experience they are willing to hand down to our insureds. Learn more about ESA’s insurance arm, Security America.
ESA member receive exclusive discounts on all Security America insurance policies. Learn how you can utilize the power of membership, by scheduling a discovery call today.