In today's cyber-obsessed world, you only have to scroll the web pages of your favourite online news agency to see that with a new day comes new reports of cyber attacks. From ransomware to phishing scams and state-sponsored attacks, it is clear that cybercrime is an increasing threat to all businesses and online users.
Cybersecurity statistics – did you know?
Cyber incidents almost doubled between 2016 and 2017. With the most significant growth driven by ransomware and new attack methods. Proving that the sophistication of cyber attacks is developing. Now, the likelihood of your organisation falling victim to a cyber incident is at its highest level in history. (Online Trust Alliance)
With the threat level at critical, it has never been more pertinent to task your company to adopt a cyber readiness plan and increase your organisation’s cyber maturity and ability to respond to an attack and survive.
No longer can you choose to say ‘IF’ an attack happens to my organisation. Today’s savvy businesses understand that preparation is critical and this will ensure that ‘WHEN’ they face an attack they detect it first, respond appropriately and recover quickly with minimal harm to their company and brand.
“WHEN AN ATTACK HAPPENS WE WILL RESPOND LIKE THIS…..”
Let’s take cybersecurity seriously
However, with a staggering 93 per cent of all breaches in 2017 labelled as easily avoided, it is clear that not all organisations are taking cybersecurity seriously. With nearly all cyber violations in 2017 a result of simple cyber hygiene practices (from the failure to update software, blocking fake emails and training employees to detect phishing scams) it is clear that we need to ensure that cybersecurity policy and practices are adopted from board level down to all employees. (Online Trust Alliance)
How is cybercrime evolving in 2018?
Our security analysts can reveal that current cybersecurity threats in 2018 are showing an upward trend towards ransomware attacks. Plus cybercriminals seem to be using more undercover techniques to steal financial rewards and purge your computing assets.
Here we talk about three major cybersecurity trends of 2018 so far.
The theft of digital currency cryptocurrency known as crypto-jacking is creating the most significant impact so far this year.
In the first half of the year, a reported 96 per cent increase in cryptocurrency mining detections took place compared to all of 2017 (Trend Micro).
The shift in attack techniques indicates that the cybercriminals are moving away from what we have become to know as the standard cyberattacks of ransomware and data breaches to the more stealth / tactical crimes involving the theft of computing power and digital money such as Bitcoin and Ethereum.
There has been a rise in 2018 in the amount of unusual malware used in cybercrime. We are now seeing more fileless, macro and small file malware.
Reports show a 250 per cent surge this year in the exposure of TinyPOS, a small file malware. The malware’s rise in popularity could link with improvements in its ability to bypass defences that only use one form of security resistance. (SC Magazine)
3. SCADA Vulnerabilities
The Zero Day Initiative (ZDI) purchased and disclosed twice as many SCADA vulnerabilities compared to the same time last year.
Organisations running these environments must stay vigilant to this growing cybersecurity threat, understanding the potential impact on not only their business and brand but the broader damage to critical infrastructure.
Examples of recent cyber breaches recorded in 2018:
2018 has uncovered more third-party breaches and theft of customer data from multiple companies. Here we discuss some of the most recent major data breaches and privacy flaws emerging trends.
STRAVA | January | Privacy Breach
Fitness company Strava fails to conceal the locations of military personnel and their whereabouts. Also, the company made their data, such as their name and heart rates discoverable. (The Register)
AADAAR | 3rd January | Inside attack
On the 3rd January 2018, Aadhaar, India's giant one billion people public database experienced a breach by past employees. Reports indicate that former staff members provided access to names and contact information. (Business Standard)
MYFITNESSPAL | February | Data Breach
150 million people were affected when sports retailer Under Armour revealed its fitness app MyFitnessPal had lost their usernames, email addresses, and passwords. Despite encrypting their data, the information was stolen from its systems. (The Guardian)
MYHERITAGE | February to June | Data Breach
92 million people were affected when DNA testing firm MyHeritage suffered a massive data breach. Personal data such as emails and some password information were exposed. Thankfully all DNA records remained uncompromised when access to a private server was passed to third-party security researchers. (Reuters)
TICKETMASTER | February – June | Data Breach
40,000 Ticketmaster user records were at risk of breach, including payment data earlier this year. Digital bank Monzo recognised the violation and made the ticket-selling website aware of the insecurities. (BBC)
TYPEFORM | May – June | Data Breach
Hackers stole information collected by survey company Typeform in May and June. Typeform’s clients such as Fortnum and Mason admitted that their data was vulnerable. (Securityweek)
REDDIT | June | Data Breach
Social news and discussion website Reddit was breached by attackers when staff logged in to their systems. Using the employee accounts, the unidentified criminals took the email addresses of current users and a 2007 database. It is likely that the group will leak the information, linking it to real people. (Metro)
TIMEHOP | July | Data Breach
More than 21 million people were affected when the social network application Timehop, a third-party feed of posts for Facebook and other social networks, detected an ongoing cyber attack in July. The memories posting feed discovered names, email addresses and keys granting access to previous posts. However, the social company claimed that it had managed to delay the hackers access to historical posts. (Independent)
POLAR FLOW | July | Privacy Flaw
In a similar privacy failure to Strava, the fitness app Polar Flow revealed the locations of military personnel inside secret bases around the world. As simple as changing a URL allowed anyone to see the workouts of soldiers. (Infosecurity)
Concluding a review of current cyber threats
The first-half review of 2018 reveals changes to the cyber threat landscape, with new and emerging threats to mitigate from crypto jacking to new malware through to the rise of critical infrastructure security vulnerabilities.
Mostly, it confirms that the ‘traditional way’ of securing networks no longer exists and it is by arming your people with security awareness, as well as building your physical security defences, which can make the difference.
Finally, the upward trend in cybercrime shows that more than ever before we need to stick to the mantra that cybersecurity is everyone’s problem – and it is not ‘if’ an organisation is breached but ‘when’. Preparing the entire company for a cyber attack is vital to ensure that it can withstand the fallout effectively, providing the business confidence that not only will it survive but thrive in the future.