Dave's Blog

How to prepare for the new era of phishing and ransomware

February 15, 2022

A recent SentryBay poll revealed that 69.1% of professionals with security responsibility believe a rethink is needed to deal with cybersecurity threats now that devices and applications have moved outside the corporate network.

2021 saw record-breaking ransomware pay-outs, and the ransomware model itself evolved: data is now increasingly exfiltrated as well as encrypted, a tactic known as double extortion. In its recent annual review, the NCSC said there were three times as many ransomware attacks in the first quarter of 2021 as in the whole of 2019.

Over the past few years, phishing has also been increasing in volume and sophistication. 2020 saw over 60,000 phishing websites, and one in every eight employees sharing information on a phishing site. However, attacks such as SolarWinds and Log4j are simply the tip of the iceberg.

More personalised, more targeted, more dangerous

In 2022, everyone is a potential victim, not simply the largest organisations. According to Ponemon Institute’s State of Cybersecurity Report, 45% of small to medium-sized businesses around the globe say that their processes are ineffective at mitigating attacks, and 69% notice that cyber-attacks are becoming more targeted.

Ransomware as a Service (RaaS) and double extortion ransomware are still on the rise. Cybercrime has become a global enterprise, with attacks often run by large criminal groups and state-sponsored hacking organisations, utilising insider threats and even offering flexible terms of payment, such as decrypting assets in instalments. These groups are investing substantial time, effort, and finances into maximising the impact of cyber-attacks by employing AI, machine learning, and other sophisticated technologies.

There is excitement on the dark web around the potential of deepfake technology as a regular method of attack, for example. One Dubai bank was recently defrauded out of $35 million after deepfake technology was used to imitate a company director over the phone. The Clop group suffered a similar attack after the compromise of the legacy FTA file transfer service from Accellion, affecting dozens of customers, from global law firms to aircraft manufacturers.

As well as “smishing” (SMS + phishing), business email compromise is also becoming increasingly lucrative, and malicious phishing emails are no longer so easy to identify. All it takes is one employee to fall for an email from a hacker pretending to be a colleague, featuring an attached PDF titled “invoice” or “legal action”.

Perimeter-only defences are no longer fit for purpose

Many recent cyber-attacks have seen hackers effortlessly breach perimeter defences. Traditional VPNs and perimeter-based security are officially on their way out, and with the increased implementation of SaaS, networks are more vulnerable to attack than ever before.

Furthermore, AXA announced last year that it would no longer reimburse cyber insurance policyholders in France if they chose to pay ransom demands to cyber criminals. We will likely see insurance policies demand the implementation of critical cybersecurity controls to reduce the risk of breaches – and pay-outs only in exceptional cases. As to how this could be done, one solution is the creation of a micro-environment in which data and applications are securely wrapped at the kernel level and kept safe, regardless of how and where teams are working.

Worryingly, Cybersecurity Magazine reports that 43% of SMBs do not have any cybersecurity plan in place, that 1 in 5 small companies does not use endpoint security at all, and that 52% of SMBs do not have any IT security experts in-house.

Protect your business against the human element

Hybrid and remote workers are increasingly appealing targets. Processing power and bandwidth in employees’ homes are increasing, and a home network is much easier for a hacker to infect with malicious software than an enterprise IT environment. If a hacker successfully infects multiple devices, they will be able to change IP addresses or even domain names dynamically during malware campaigns, foiling traditional defences such as DNS filtering and IP blocking.

Anyone with access to a device poses a significant threat to the safety of an organisation’s data, employees, customers, and reputation. This is why the White House has instructed all federal agencies to officially move towards a zero trust approach to cybersecurity, to reduce the risk of cyberattacks against the government’s digital infrastructure. A zero trust approach will help those agencies to detect, isolate, and respond to new and different types of threats more rapidly.

Indeed, our latest poll found that 58.3% of respondents believe that a zero trust approach to security is essential, but that only a third (33.6%) have implemented such an approach.

The reality is that ransomware will continue to be a threat because there are so many easy targets. Every business in every industry must focus on understanding the ransomware threat, generating cybersecurity awareness among their teams, and taking a proactive, zero trust approach to protect systems, networks, and devices.
