Diagnosing new trends in the cyber threatscape facing business

Needless to say, the world of business has changed drastically over the course of 2020, and therefore, so too has trends in cybercrime, with companies, employees and consumers now under more pressure than ever to remain increasingly vigilant to social engineering attacks, phishing scams, malware and fraud, to name just a few examples.

In fact, Europol’s 2020 cybercrime report, which was, quite aptly, released during the start of Cyber Security Awareness month, revealed important updates on the latest trends and current impact of cybercrime within the EU and beyond.

The report itself is extensive, insightful and essential reading for CSO’s and security professionals. Some of the headline findings reveal that social engineering and phishing remain a top threat to facilitate other types of cybercrime; ransomware remains the most dominant threat as criminals have increased pressure on victims; Business Email Compromise attacks are growing in sophistication and becoming more targeted, and, payment fraud and abuse of the Darkweb is surging.

Quite worryingly, the report also shines a light on the growing quantity of cyber scammers that have latched on to the Covid-19 narrative, taking advantage of vulnerable members of society, inundated companies, and naïve employees, many of whom have been working from a 100% remote environment for the first time in their career.

Barracuda’s own researchers even observed a 667% spike in spear phishing attacks targeting companies from February to March, as a direct result of the immediate shift to remote working.

In fact, remote working has been the single largest contributor to the onslaught of phishing, BEC, and other social engineering attacks, for a variety of reasons. For a start, the quantity of sensitive information and private details which have transitioned from a physical environment or local server, to an online or cloud environment, has surged, making certain public sector and private organizations much more appealing in the eye of the cyber attacker.

Additionally, the urgency posed to companies back at the start of 2020, when Covid-19 went, in just a few short months, from what appeared to be a manageable flu, to a devastating global pandemic, gave companies little time to completely transform their business model. As a result, of many companies’ haste, security policies were deprioritized or ignored altogether. In a home-environment, weakened security gives cyberattackers opportunity to hack into home networks, via IoT devices, shared devices or even unprotected, public or outdated WiFi networks.

Combatting this issue has required an overhaul of cybersecurity policy. Personal devices must be protected with a VPN, and public cloud applications and infrastructure should be properly protected with the right FWaaS (Firewall as a Service) and application security.

Additionally, AI-enabled inbox defense software, should be prioritized – the right software will be able to spot suspicious content, intercept potentially dangerous content, or flag a compromised email account, which, in turn, significantly reduces the threat of human error, which is still the leading cause of leaked passwords, compromised data and mis-clicked malware or phishing content.

Employees should also be sufficiently trained on the evolving cyber threatscape, and learn the best-practice security methods when working from a remote environment. Europol’s Internet Organised Crime Assessment (IOCTA) provides a great framework for cybertrends and threats that must be properly observed, and CSOs and IT Managers must be constantly on the lookout for new angles and entry points to their system, which cyberattacks will eventually find, and will eventually take advantage of, unless properly diagnosed.