One constant, no matter what the year, is that new and emerging online threats continue to be developed. There are approximately 230,000 new malware variants produced every day.
And malware is just one of the threats small businesses face when it comes to cybersecurity, there are fileless attacks and ever more sophisticated phishing campaigns all designed to breach networks and compromise data.
Having managed IT security can help you stay protected by putting into place multiple layers of good security practices. Knowing what types of threats your company is facing can also ensure you’re one step ahead of the bad guys.
Online Attacks to Prepare for This Year
The U.S. sees more than 130 large-scale data breaches each year, and many more that are perpetrated on small businesses and don’t make the news. But they can be just as costly to those companies, with many of them never fully recovering.
Getting out ahead of the emerging threats coming your way can help you put safeguards in place in your IT security plan as well as inform your employees so everyone can be prepared and protected.
We’ve taken a look at the cybersecurity landscape for 2020, and here are some of the biggest threats to look out for.
Office 365 Targeted Phishing
If your office uses Office 365, then you’ll want to warn your users about an increase in phishing attacks that are specifically designed to steal Office 365 login credentials.
Some of the tricks that hackers are using are to send fake SharePoint file sharing emails with a OneDrive link that redirects the users to a spoofed login page.
Administrators are also being targeted with emails that warn them of an account deletion if they don’t take action.
65% of U.S. organizations were victims of a successful phishing attack in 2019.
Phishing remains the top security threat year after year, but the forms that it morphs into can vary, so users need to stay away of the newest scams.
IoT Devices Being Hacked
Smart, internet-connected devices are multiplying in homes and offices around the world. They’re also becoming a major target of hackers who know that many users don’t properly secure them or even change the default username and password.
Many of these devices get hacked within just hours of being set up with hackers often being able to use them to access other devices on the same wireless network.
Securing any smart security cameras, smart whiteboards, or other IoT devices needs to be done properly to ensure they don’t represent a risk to your network.
Windows PowerShell Fileless Attacks
In 2018, the number of attacks on Windows PowerShell rose by 1000% and it showed no signs of slowing down in 2019.
This type of attack has become so popular because it doesn’t involve a file containing malware (which can be detected by most anti-malware programs), instead it sends a malicious command to the legitimate Windows PowerShell process that allows a hacker into your system.
Standard defense measures don’t generally block this type of attack, which is why advanced threat protection is needed that does things like:
- Look for suspicious PowerShell behavior
- Use a whitelist system for allowing program execution
Cloud Platform Vulnerability
Hackers go where the data is and for more and more companies each year, their data is in the cloud. Approximately 83% of enterprise workloads are expected to be in the cloud in 2020, and small businesses are also leveraging cloud solutions for much of their business operations.
A big risk to businesses is data loss because many of them don’t back up their cloud data that is contained in programs like Office 365 or Dropbox separately. This leaves them open to major data loss should an outage, malware infection, or other cloud platform disaster occur.
Ransomware as a Service
Ransomware costs businesses hundreds of thousands of dollars per year in lost productivity, data loss, and more. While it’s been a big threat for a few years now, the thing that’s making it more dangerous in 2020 is that it’s being sold as a service.
Just like legitimate software as a service (SaaS) makes money for the companies that provide it, ransomware creators have graduated to tapping into that additional revenue stream by offering up their ransomware variants to any hacker that pays for it.
For example, a ransomware like SamSam, has an average ransom demand of $40,000, but can cost a hacker just a small fraction of that to purchase the code and delivery method. The current frequency of attacks for just this one type of ransomware is 1+ per day.
The best defense against ransomware is through solid cybersecurity policies and ensuring you have an easily recoverable back up of all your data.
Avoid Data Breaches and Unexpected Data Loss
Excedeo can assess your current data security strategies and let you know where you may have vulnerabilities that need to be addressed to keep your security posture up to date and protect you from emerging threats.