Remote learning and working from home are a recipe for cyber security nightmares this autumn. More employees who work at home are also vulnerable to cyber thieves, and the thieves are becoming more successful. Workers are clicking on unsolicited phishing links and finding security workarounds, exposing employers to ransomware, malware and theft of highly sensitive data. Therefore, it's important to stay even more mindful and keep your guard up every minute that you're online. Let's have a look at what's currently happening to others and which cyberattacks are starting to evolve. That will help you to better understand how cybercriminals think and be fully prepared for what they'll do next.
The Evil Internet Minute 2020 – What Really Happens in One Minute on the Internet
We all know that successful cyberattacks cost us money! At the same time, we are surrounded by the "evil" trying to bypass security settings to intrude upon our systems. All this is happening within the blink of an eye. RiskIQ took a closer look at the malicious activity that transpires across the world every 60 seconds. It might take one minute to drink a glass of water, but in that same time, security teams are experiencing 1.5 attacks on computers with an Internet connection, detecting 375 new threats, seeing 16,172 records compromised or finding 5.5 domain infringements. More knowledge, greater awareness, and an increased effort to implement necessary security controls make a huge difference in stopping these threat actors in their tracks.
Phishing Threats Remain Top Priority for Organizations
According to the 2020 Phishing Attack Landscape Report, commissioned by GreatHorn and conducted by Cybersecurity Insiders, the frequency of phishing threats has not slowed down during the past months. Organizations across the globe experienced an average of 1.185 attacks per month. Additionally, 38% reported that co-workers had fallen victim to an attack during the last year. As a result, 15% of organizations are now left spending anywhere from one to four days remediating malicious attacks during what is already a precarious and strenuous time for many. Phishing remains one of the most important attacks companies need to prepare for. People in the UK, for instance, are being targeted by a new phishing scam designed to trick victims into handing over details of their HSBC bank accounts. And the FBI recently shared a warning to United States air travelers to watch out for spoofed domains leading customers to fake websites when booking their flights online.
Lack of Data Protection Knowledge Puts Companies at Risk
Did this ever happen to you? You are preparing an email that is supposed to be sent out to a group of recipients, and instead of adding the addresses to the "BCC" field you entered them in the "To" field, so they were visible to everybody who received the message. As human beings we sometimes make mistakes, whether accidentally, out of carelessness, or for lack of knowledge. The scenario described above goes back to 2014, when exactly this happened to an employee of a British health clinic, who mistakenly revealed the identities of 200 HIV-positive patients in an email group. Fines for breaches of data protection can reach £500,000 in the UK.
No matter the size of an organization, when it deals with sensitive information, policy, procedure, training, and supervision must be in place to reduce the probability of human error. Whilst data protection training is most often delivered by legal teams, IT security teams are also obliged to take appropriate measures to protect their businesses from potential harm, such as identity management and limiting access to sensitive data to well-trained and experienced people only. Continuous education and training help to ensure employees are aware of potential risks.