It’s that time of year again. In offices across the country, half the desks are empty with their inhabitants either sunning themselves in Mallorca or huddling against the rain on a Cornish clifftop.
Unfortunately, cyber criminals have no regard for the annual summer slow-down. Just as we’re winding down, they’re ramping up their search for vulnerabilities.
So, marking cybersecurity’s mid-term report, let’s look at the main threats your IT team should be aware of in your product or services roadmaps for the rest of the year.
The threat from Russia continues, in cyberspace as well as on the ground
Obviously, the main tragedy here is the ongoing conflict in Ukraine, but the war also continues to spill into the digital sphere. Just last month, Scarborough Council Head of Cybersecurity Greg Harper flagged an increased number of attempted cyber-attacks, reaching into the hundreds each day. Many of these came from Russian domains, showing that the threat is definitely not subsiding.
The National Cyber Security Centre has also stated that this is no time for complacency and that just because we’re yet to see a major cyber security breach in the UK, this doesn’t mean that the adversary capability or intent is any less.
Given that the situation doesn’t seem likely to improve any time soon, you may need to reconsider your defence processes. Try to ensure they are implemented in an efficient way in the long term, as well as dedicating extra resource where you spot signs of burnout in your teams.
Call-back phishing reaches cyber security
Hackers are increasingly impersonating well-known cybersecurity companies with call-back phishing emails which give fraudsters access to corporate networks.
The emails ask you to call a number to solve a problem. The criminals then convince the caller to install remote access software so they can go on to compromise the whole Windows domain, potentially leaving your organisation open to a ransomware attack.
To make sure your staff don’t fall for this trick, send an alert around the company setting out the trap and asking them to inform you should they receive any similar emails.
Hybrid working still a cyber security nightmare
Being back in the office and away from our kitchen table might feel good, but the hybrid fluid working environment is proving tricky to keep secure. According to one study by Harvard Business Review, 67% of hybrid employees violated one or more cybersecurity policies during a ten-day period.
Different devices and employees entering and leaving the office can create uncertainty over who should have access to what. In this situation, your team might want to consider a zero-trust environment with ongoing monitoring and authentication of users looking to access applications and data.
Double extortion
The cyber criminals who use ransomware have also started to steal data before they encrypt it. This means that even if your company manages to recover from the encryption through meticulous backups, the criminals can still threaten to release the stolen data if they aren’t paid.
What’s more, paying is no guarantee of security. The overwhelming majority of companies who pay a ransom are hit a second time. It’s an impossible situation and the less damaging response will depend on each case. Unfortunately, this just highlights the need for effective defences which can prevent breaches in the first place.
Worried about any of the above? Get in touch with our team at 0800 440 2100.