Almost every company has an online presence these days – which means they must also take steps to protect themselves from cyber criminals.
That is easier said than done, however, as hackers are extremely smart people who are constantly plotting new ways of breaching businesses.
With an estimated global cost of around £4.2 trillion per year attributed to cyber crime, it is an ‘industry’ as lucrative for criminals as it is damaging to businesses.
Florian Malecki, international product marketing director for StorageCraft, says the coming months promise to bring some of the most advanced attacks the world has yet seen.
AI and machine learning-based attacks
Artificial intelligence and machine learning are two of the biggest buzzwords in technology today. Malecki says cyber criminals are also beginning to harness these tools in a number of clever ways.
“Machine-learning models can craft convincing fake messages, and the technology therefore presents a convenient option for criminals executing phishing attacks,” he told BusinessCloud.
“AI can also be used to create malware that’s capable of fooling sandboxes, to therefore access companies’ systems.
“While these attacks are becoming more advanced, they still typically rely on classic phishing tactics, and you can prevent them by educating users about how to spot and avoid various online scams.”
With threats like WannaCry making the headlines, we’re permanently reminded of the damage ransomware causes. According to a report by McAfee, ransomware issues grew 56 per cent in 2017. Trend Micro also lists ransomware as its number one cyber-threat for 2018, calling it the “land of milk and honey for cybercriminals”.
“The cyber security world is beginning to catch up. Consumers are more scrupulous, fewer off-the-shelf ransomware is appearing, and law enforcement agencies are working to crack down on this type of cyber-fraud,” said Malecki.
“But despite these efforts, the growth of ransomware is a clear indicator that we should stay vigilant.
“The best way to avoid suffering from ransomware – in addition to next-generation firewalls, sandboxing. email security and anti-virus solutions – is to make sure you have rock-solid back-ups and storage and recovery point objectives that are within your data loss tolerances.”
Email Compromise Scams
Email scams are becoming more innovative: cyber criminals are stealing billions of dollars simply by sending spoofed emails that look convincing to the untrained eye.
The FBI reports that business email compromise scams increased an incredible 2,370 per cent between January 2015 and December 2016 and it has been predicted that email scams will lead to close to $9 billion (£6.37bn) in global losses this year.
“One important thing to remember is that companies must create protocols for various types of transaction so a system of checks and balances within the organisation can stop fraudulent transactions from going through,” said Malecki.
“When it comes to phishing attacks through email, users should know how to spot spoofed emails, so they never open them by mistake.”
Connected Device Attacks
Last year alone saw many distributed denial-of-service (DDoS) attacks that leveraged hundreds of hijacked Internet of Things devices.
“These attacks are likely to increase because they often allow hackers to create proxies and hide location data and web traffic, making it difficult for law enforcement to figure out where the attacks are coming from,” said Malecki.
“Other vulnerable devices include aerial drones, wireless home devices, and even bio-implants such as pacemakers.
“Many devices don’t have built-in security, which means users must take responsibility for their own security by ensuring that passwords are secure, and that device firmware is always up-to-date.”