The theme of 2019 being the worst cybersecurity year continues as research from Malwarebytes shows that hackers are more concerned about targeting businesses than consumers. According to the endpoint protection company, businesses are more lucrative targets, accounting for the shift. This accounts for the 79% increase in detected business malware.
In LATAM, hackers are focusing almost exclusively on businesses.
In addition, malspam has become the favorite attack vector – marking a huge change in delivery mechanisms.
Cryptomining has become an increasing threat to companies as well – thanks to the fact hackers can use corporate resources to mine for tokens/currency.
The US is the leader in hacks and information theft is the primary reason for the attacks. This has secondary problems for companies who have been hit. They must disclose such events and are then in danger of regulatory fines, lawsuits, drop in share price, loss in customer confidence and skyrocketing cyberinsurance rates.
Ransomware continues to be a crippling problem and it plagues numerous sectors such as consulting, education, manufacturing, retail, government and more.
Other issues to worry about are apps in app stores which are malicious, plugin and browser exploits and CMS hacks.
In every organization, human error is often responsible for the majority of breaches. Malspam is a very successful attack vector because users can be easily fooled.
Even the best-designed networks can be breached in this manner. We suggest every company use a phishing simulation tool which tests employees. One alternative, Phish360 is so effective, it has achieved almost 100% click rate when used in various organizations.
The good news is the workers who click can be quickly trained on what to avoid in the future.
Here are other areas all organizations looking to promote a cybersecurity culture need to focus on:
- Cybersecurity training must be done regularly.
- Auditing and documentation must be performed regularly to ensure systems are secure.
- Anomaly detection should be running constantly to detect threats as they emerge.
- Penetration testing shows if systems can easily be reached from the outside. Here is a case where this test might have saved two company’s’ reputations from being destroyed.
- Network forensics for when a breach eventually occurs. The bad guys always seem to get in eventually.
- An action plan to follow when a breach does occur. Once it happens, few will have the clear heads needed to “wing it” correctly. Equifax botched it’s response in what is being called a PR catastrophe.
To ensure your organization is safe – even if you have internal IT, hire an experienced MSP or MSSP like Apex Technology Services.
It’s a dangerous world and it is getting worse. Every company must be proactive to stay secure.