As organisations take their first steps toward their “new normal”, malicious actors are ramping up their efforts. To combat today’s cybersecurity threats, both emerging and familiar, employers need a plan of attack, a commitment to vigilance, and a determination to educate. In this article, we take a look at Cybersecurity Trends and how they can affect you and your business.
Alan Hawkins,General Manager: Cyber Security and Software;Barry Leicher, Solutions Architect; Walter Schotter, HP ESSN Presales Team: Tarsus Distribution
Since the pandemic, working from home (WFH) has become much more pervasive. Many predict that remote working will remain prevalent even after the pandemic comes to an end. WFH or remote working often means connecting your computer to the company's virtual private network (VPN), creating new 'back doors' that hackers could potentially expose and use to compromise the company network.
At the beginning of lockdown we witnessed big spending from businesses and an explosion in the sale of VPN products as companies set out to secure their networks. There was much focus on sorting out firewall infrastructure as people started moving beyond organisational perimeters. There were many pain points in the first half of the year, and lessons were learnt the hard way. Now, there is an ongoing focus on ensuring that all endpoints have more sophisticated localised malware detection solutions in place.
Ongoing User Education Is Critical When It Comes To Cybersecurity Trends
It remains essential to provide employees with WFH security tips and guidance or policies on being a secure remote worker. Regardless of how strong a company VPN is, if an employee's password is compromised, hackers will find an easy way in. That is why it is essential to ensure employees update their passwords regularly. It also advisable to teach employees how to configure their wireless routers and personal firewalls to keep their home networks secure. Comprehensive security and antivirus software goes without saying.
Essentially, security can no longer be compartmentalised and must cover every possible point of access. Simulated attacks are becoming an increasingly popular way of educating users about the dangers of phishing and other types of attacks.
However, there is no question that greater user education is required, and that every company needs to take security more seriously than ever before. Remember, employees are accessing sensitive data over mobile devices that are not subject to the same levels of protection as a laptop, for example.
While the cost of endpoint protection on all devices may be a drawback, this must be compared to the costs of losing company data.
We also advise regular education and security check-ups. These exercises fell away under lockdown, but it is important to reinstate them. The benefits of having company systems analyses regularly cannot be overstated. It’s this type of information that enables IT providers to devise specific security plans for their customers.
To Combat DDoS-Driven Cybersecurity Trends Businesses Need Agile, Adaptable Tools
Distributed denial-of-service (DDoS)attacks seem old-school, but they are more forceful and powerful these days.Modern-day hackers and attackers are extremely clever and can exploit every application layer and every web-based protocol.
No one specific solution on its own is sufficient to address these types of attacks. Again, what is needed is a consolidated plan of action that includes network monitoring to detect early warning signs and abnormalities, as well as visibility across the entire stack. It is about synchronising the security between all the different components of a company network.
It is important to ensure that there are no gaps in the company network, particularly with the exponential growth of devices being connected to the internet. Vigilance is everything.
Fileless Malware & Ransomware Attacks Will Continue To Plague Companies
Fileless malware is a type of malicious activity that uses legitimate tools built into a system to execute a cyber-attack. Unlike traditional malware, fileless malware does not require an attacker to install any code on a target's system, making it hard to detect. It is a highly sophisticated form of attack.
Since you can't scan files to detect fileless attacks, companies have to rely on scanning memory and spotting malicious behaviour patterns.This is because fileless attacks cannot bypass advanced behaviour-based detection, critical area scanning and other protection technologies. Being observant, ensuring that patches are constantly up to date, and monitoring for any abnormalities in the form of an application or traffic in and out of your network are all essential. Endpoint agents and mobile agents will detect these types of anomalies, even if perimeter firewalls, are less likely to do so.
What to know more? Click here to read about Tarsus Distributions Cybersecurity solutions.