Being in business is all about being great at what you do. But staying in business needs something a little bit more. If you want to be successful and make sure your business sticks around, you need to be good at identifying risk, and taking steps to protect your business from risk. Despite our best efforts, all businesses face risk, regardless of the industry they’re in. But now, cyber-attacks have been labelled as the number 1 risk businesses face across the world face every day. And for some businesses, this is even more of a risk than for others. For example, last week the UK National Cyber Security Centre revealed that the charity sector is particularly vulnerable to these kinds of attacks. The week before that, UK think tanks were hacked by groups in China. So even as awareness grows, the pressure on businesses to protect their businesses against cyber-attack is mounting. But what does this mean for you as a business owner?
Less Is More
Cyber security was somewhat thrown into the national spotlight around two years ago, with a new, high profile hack or data breach being reported every day. But over the last few months, the frequency of the attacks seems to have eased off – at least in the public eye. But that doesn’t mean the threat has gone away. In fact, some firms believe that fewer attacks may actually mean more destruction for businesses. Some studies have found that despite the ransomware attack levels falling from 645 million to 184 million between 2016 to 2017, then threats posed by malicious code are more dangerous than ever. As technology continues to evolve and the cyber arms race rages between governments, the risks only increases. So don’t be fooled – just because the news isn’t full of data breach reports, doesn’t mean you’re all safe.
Law Enforcement Is Changing Things
Of course, one of the benefits of increased awareness and understanding of cyber-crimes is the response by the authorities. In the past, there has been a lot of confusion over how to pursue and prosecute cyber-crime, since the law haven’t yet caught up with the technology. But now law enforcement is better equipped to handle cyber-threats. In fact, some key arrests of cyber criminals have helped to disrupt the malware supply chains, significantly impacting the rise of new, would-be hackers. Across the world, law enforcements are now able and informed enough to take the initiative and arrest malware authors and disruptors.
Of course, as a result, cyber-criminals are becoming more careful in how they conduct their business. This includes things like using dynamic cryptocurrency wallets and different transaction currencies to hide their tracks. This means that to truly tackle the risk to businesses everywhere, national and international law enforcement agencies need to work together to disrupt global cyber threats. Which is exactly what they’re doing.
Cybercrime Advances
Despite the revelation of WannaCry, Petya, NotPetya and BadRabbit ransomware attacks, the total volume of attacks just didn’t meet the predictions in 2017. In fact, the rate of attack went down, instead of up. However, the number of variants of ransomware created has been continuing to grow, in the same upward trend that has been rising since 2015, with the number of ransomware variants increasing by 101.2% over the course of 2017. This increase, along with the 184 million ransomware attacks carried out over the year, means that ransomware is still one of the biggest threats to businesses.
Hackers and cybercriminals also continue to encrypt their malware payloads in order to circumvent more traditional security controls. Research shows that encryption was leveraged more than previous years for both legitimate traffic from businesses and malicious payload delivery through hackers. On average, 60 file-based malware propagation attempts were attempted, per firewall, per day. Without SSL decryption capabilities in place, the average organisation would see almost 900 file-based attacks per year hidden by TLS/SSL encryption.
Blogs