With an unprecedented explosion of cloud-based applications facilitating the speed and convenience of remote working and mobile communications, the technology landscape has never looked so different.
Sensitive information is now stored in multiple geographic locations and shared between roaming users. Evolution at such a pace has presented several challenges for data security and privacy that require closer scrutiny.
Many of these platforms only offer a single layer of security and are incredibly vulnerable to compromise, coupled with a poor level of security alerting. This lack of security has not gone unnoticed by cybercriminals, the average time a company even notices a network security breach is 197 days. (source).
Here are 5 of the most critical types of security breach that every IT Team should recognise, budget and plan for to ensure they are ready for the security challenges that lie ahead.
1. Data Theft
Although cybercriminals tend to target companies, the actual data stolen can often affect millions of individuals. Hacked customer information such as credit card numbers, bank accounts, health records and residential addresses are most commonly sold on to the highest bidder.
In 2019, Capital One announced that nearly 106 million customer accounts and credit card applications had been compromised (source); this is just the tip of the iceberg.
You would imagine that trusted brands such as the Marriot Hotel chain learned a lesson when a staggering 500 million customer records were hacked in 2018. Unfortunately not, as in 2020, the guest information of a further 5.2 million individuals was stolen. (source)
Sensitive corporate information is also at risk from data thieves. Prototype designs, plans, business strategy and potential future acquisitions are just a few examples of corporate data that can become the downfall of a company when in criminal hands. Data can be stolen using a number of sophisticated methods such as malware, phishing, social engineering and even physical theft.
2. Ransomware Attacks
Ransomware is a type of software that cybercriminals use to extort money from companies in exchange for the safe return of their data. Even if the data that the criminals now have access to has no intrinsic value, a well-executed ransomware attack can be big business. Such attacks come in three main guises;
- Threaten to publish sensitive data on the internet in an effort to tarnish the target company.
- Encrypt the compromised data to extort money in return for the valid de-encryption key
- Lock the target company out of their own IT systems until the ransom is paid
GPS fitness-tracker giant Garmin is just one of the more recent ransomware attacks of 2020. Cybercriminals demanded the company pay a ransom of £7.79m ($10m) to retrieve all of their data back that was encrypted by the WastedLocker ransomware variant. (source)
Lives can also be put at risk. The 2017 WannaCry outbreak effectively locked the NHS out of their own IT systems. Patient data and relevant booking information were unreachable in an attack that disrupted one-third of hospital trusts in England. (source)
A disturbing new ransomware trend has emerged in 2020 where instead of simply encrypting a victim’s files, the ransomware also steals that sensitive data for sale on the black market. Ransomware such as Ako, CL0P, Maze, Pysa, Nemty, Snatch and WastedLocker are just a handful of such variants.
3. End-User Phishing
Cybercriminals prefer not to spend time battling a state-of-the-art internet facing firewall running the latest security updates when they can sneak in the backdoor. Compromising an end-user account is still the quickest way to gain access to a relatively secure corporate network infrastructure.
A well-crafted bogus email containing the latest malware or phishing code can be used to gather end-user login credentials and other sensitive information. When performed on a large scale, this acquired information can be used in a variety of ways to extort money from the target company.
4. Viruses & Malware
Whereas a virus moves from device-to-device infecting and damaging the files and systems it interacts with, malware goes one step further. This discreet piece of software is designed to remain undetected on each device that it infects, silently compromising system after system throughout the network.
Mobile devices such as tablets and mobile phones, in particular, are now prime targets for malware infection. These devices tend not to be as well protected by the corporate network security policy, yet offer the user both email and internet browsing ability. Malware is usually able to compromise a device if a user inadvertently opens a bogus email or visits a compromised website.
Once remote control of the user device is gained, corporate network security systems may struggle to detect such a security breach as any access request will be coming from an authorised user on an authorised device.
5. False Data Injection & IoT
With the rise of the Internet of Things (IoT) and their more sophisticated industrial counterpart, IIoT, another emerging trend is False Data Injection (FDI).
Using a combination of machine-learning and malicious packet generation, criminal gangs can compromise or completely hijack a variety of IoT and IIoT sensors. Such an attack could easily disrupt vital nationwide utility services such as gas, electric or water and be modified into a ransomware attack to generate a maximum financial return for cybercriminals.