By Mike Buckley | Presales Consultant at Nettitude
In today’s ‘always on’ digital world, the rate at which organisations and individuals experience cyber-attacks is continually increasing. The University of Maryland state that on average, there is a hacker attack every 39 seconds, which equates to 2,244 times a day. In response to this, organisations have began to step up their cybersecurity, with Gartner reporting that Worldwide spending on cybersecurity is forecasted to reach $133.7 billion in 2022.
Moreover, we are beginning to see an increasing number of organisations hiring their own in-house cybersecurity specialists and teams to protect against network threats, but for many SME’s, this simply isn’t a feasible option. In this post, we’ll be exploring the top predicted types of network attacks which could affect organisations in 2020.1. 5G and Mobile Cyber-Attacks
With the recent introduction of 5G, which is described as being up to 5X faster than the 4G network on the best available connection, our very network fabrics are rapidly changing. From changing consumer experiences by enabling movie downloads in as little as 10 seconds and 4k/8k streaming with zero lag, to creating increased remote working and project collaboration possibilities for businesses, the gradual rollout of 5G across the UK and US, as well as the rest of the world, is set to create many opportunities and improvements alike.
However, the addition of 5G requires new technology, from new cellular masts that use different frequency bands, to new hardware including mobile phone handsets. This new technology is unchartered territory within the cybersecurity space and as such, poses a higher level of risk. In particular, we are noticing vulnerabilities with IoT devices which are connected to 5G networks, as the combination of more people connecting their household smart devices to the internet and 5G’s significantly improved speeds are working together to create rather enticing vulnerabilities for hackers.
Given the bandwidth available to 5G connected devices, we are predicting to see a rise in the amount of Distributed Denial of Service attacks (DDoS) on infrastructure. Whilst there are a lot of benefits of 5G, including drastically improved speeds, stronger encryption of data and better verification of network users, 5G networks are most certainly fuelling the continued rise in the size and scale of volumetric DDoS campaigns
2. IOT Cyber-Attacks
IoT based cyber-attacks are continuing to grow at an unprecedented rate, in which studies have shown that there are on average 5,200 attacks on IoT devices per month. One of the reasons for the increasing amount of attacks is that more and more households are beginning to add internet connected devices to their home, from smart speakers, to doorbells, baby monitoring devices, security cameras and even smart ovens and fridges. Whilst these devices do pose a higher risk of being hacked, there are some simple best practices to follow which can reduce the risk of an IoT device being hacked. Such measures include:
- Replacing weak passwords with stronger, less guessable one’s. The best way to do this is to use a password generator, as well as enabling multi-factor authentication (MFA).
- Keeping devices updated with the latest security patches by downloading them as soon as they become available.
- Buying IoT devices from a reputable brand that have a history of good security practices and provide frequent device updates.
- Ensure that business critical and personal data are transferred using a secure and encrypted method.
As seen a few years ago, in what has been suggested as the largest DDoS attack in history, the Mirai botnet attack of 2016 further highlighted the vulnerabilities that IoT devices possess and the opportunities this creates for cyber-criminals. As more and more of these devices are added to our homes and businesses, it’s becoming more crucial than ever before to ensure good security measures and being introduced in parallel.
Whilst the above measures will help to reduce the attack surface of IoT devices, it isn’t until manufacturers embrace higher security standards during the product development stages that we will begin to see major improvements.
3. Ransomware Cyber-Attacks
Ransomware attacks are unfortunately a common occurrence in today’s society and have been around since the early 90’s, in which ‘PC Cyborg’ was the first documented attack. This attack targeted a group of biologists in which floppy disks were sent via surface mail to other researchers who unwittingly knew they were victims on the first of this type of attack.
The rate of ransomware attacks shot up around 2010, with hackers exploiting new cryptocurrency technologies in which they could demand payment in Bitcoin, an untraceable form of payment. However, by 2018 these attacks had rapidly declined as other methods of attack including DDos and cryptojacking became more popular.
Today, we are seeing an increasing amount of ransomware attacks again as hackers create more sophisticated methods of attack. Whilst the fundamentals of these attacks are the same, hackers have ramped up the game with the types of targets they are choosing, from government organisations, to whole cities, in which we have seen several US cities being targeted recently. We suspect that these types of attack appear to be the most frequent as government organisations are mandated to report the incident, and therefore will be most willing to pay the ransom to avoid facing public scrutiny.
Whilst technology has now been adapted to handle a variety of increasingly sophisticated ransomware attacks, IT teams are still reliant on vendor patching to close loopholes before they are exploited.
4. Cloud Service Cyber-Attacks
Cloud services are currently taking the business world by storm, with around 83% of enterprise workloads predicted to be in the cloud as of 2020, as well as 30% of all IT budgets being allocated to cloud computing. So, what makes the cloud so attractive to organisations? Cloud technology is being used more than many people realise and has many economic and efficiency-based benefits, especially for SME’s. These benefits include:
- Data Recovery
- Automatic Software Updates
- Remote Working Capabilities
- Increased Collaboration
- Better Document Control
- Improved Data Security
- Enhanced Growth for Start Ups and SME’s
As can be seen, cloud technology brings many benefits, however, there are also a variety of risks which cloud technology poses. Many of these risks are not malicious but are the result of inadequate staff training which results in improper use of a system. Such cases can include forgetting to revoke access when employees leave the business, falling victim to phishing emails, and poor login security. Of course, there are also maliciously driven threats, including account hijacking, DDoS attacks, data breaches and cryptojacking, to name a few.
One of the best ways to mitigate these risks is to have a clear and well-considered cloud migration strategy in place, as well as investing in adequate staff training.
So, there you have the top four types of recent network attacks that you need to protect yourself and your organisation against this year. Whilst it may seem like there are ‘too many’ risks involved with these technologies, by adopting basic security procedures, it’s easier than you’d think to reduce your risk of a cyber-incident. Whilst it’s often more feasible for larger organisations to manage cyber-risks in-house, many SME’s simply don’t have the capacity to stay on top of the latest advice, information and technologies needed to protect their business from a cyber-attack. Nettitude strongly adhere to a proactive rather than reactive approach and encourage organisations to put the correct security measures in place before an incident happens. This not only increases the rate at which your organisation can bounce back after an incident, but ensure peace of mind for business owners alike.
For more information on protecting your business from 2020’s top technological cyber-threats, get in touch with our team by emails us at firstname.lastname@example.org, or alternatively you can find your local office contact details here.