Top 10 Rising Cybersecurity Threats, Part 2
Welcome back! In part 1, we looked at the first 5 of 10 rising cybersecurity threats, and we’ll jump right into the remaining 5.
Ransomware boomed during the pandemic with large institutions and critical infrastructures facing disruptions and being forced to pay millions in ransom. No organization was immune, with even public schools being victims. According to Check Point, ransomware attacks increased by 50% worldwide in Q3 2020 alone, compared to the previous quarter. In the first quarter of 2021, the volume of malware threats observed by McAfee Labs averaged 688 threats per minute, an increase of 40 threats per minute (3%). (Yes, 688 per minute. That equals more than 11 per second.) One of the biggest drivers behind ransomware’s continued success is the adoption of Ransomware as a Service (RaaS).
There has been much debate over the effectiveness of paying a ransom. While many insurance companies opt for paying, experts suggest that it not only fuels cyber crime, but also doesn’t guarantee the return of data. The best approach is a good defense to reduce your risk of falling victim in the first place. Jack O’Meara Director in the Guidehouse Advanced Solutions Cybersecurity practice, told Cyber News, “It is like a burglar going through the neighborhood – they are not going to attack a house that probably has bars on the windows as much as the one that looks like a much easier target to penetrate.”
7. Marketplace Scams
Digital criminal activity is often closely interconnected with current events. Experian suggests that following inflation and ongoing supply chain problems in 2022, there will be more cases of marketplace fraud. Threat actors will attempt to meet the market demand with fake products, filling supply gaps with a chain of scams. As a result, customers will pay for things that simply don’t exist. The number of fake websites is also likely to increase.
8. IT Misconfigurations
Fraud is delivered as a service in which a threat actor supplies services to carry out fraudulent activity.Such schemes are
In the “Shared Responsibility Model,” the cloud service provider is responsible for protecting the infrastructure that runs all of the services offered in the cloud. While the customer retains responsibility for their use of the cloud including data, endpoints, and access management. As a cloud customer, the scope of your responsibility is broad.
In part 1, we mentioned that 95% of cybersecurity threats that people have faced can be tracked to human error. Gartner paints an even bleaker picture, estimating 99% of cloud security failures will be the customer’s fault. Although that’s probably not a “bleak” statistic for IT professionals… because it means we can do something about it to substantially reduce our risk. To that end, Wursta conducts cybersecurity assessments to help you determine how to stay ahead of persistent threats. Sure, we are also only human, but a fresh look through a structured assessment conducted by experts is sure to improve your security posture.
9. Increasing Cloud Complexity
The continuing movement of workloads to the cloud and ever-expanding scope of services offered by cloud providers bring numerous benefits to businesses. Unfortunately, cloud sprawl and complexity also bring many challenges, including lack of visibility and limited control to enforce security policies and detect threats.
Sprawl is now the norm, with 89% of respondents to Flexera’s annual state of the cloud report for 2022 having a multi-cloud strategy. Additionally, cloud native technologies like serverless and containers minimize the burdens of infrastructure ops orchestration, while also bringing unique security challenges, requiring a distinct, dedicated approach.Many organizations continue to struggle, with security further encumbered by a lack of expertise and difficulty hiring and retaining fulltime cybersecurity experts.
10. Mistaking Compliance for Protection
A variety of regulations exist which dictate steps organizations must take to be compliant. Regulations are issued at various levels such as state (California SB-327), federal (HIPAA, SOC II, CMMC), international (GDPR), and industry-specific (PCI-DSS.) While Wursta is not a certified audit firm, we help clients prepare for official external audits for many such standards.
Adherence to standards ensures a solid foundation of cybersecurity best practices, but compliance alone isn’t enough. For example, most regulations require you to document that various controls are in place, such as access controls via 2FA. However, which users are you granting access to? And are each of those users being granted least-privilege access (i.e. only the scope of access they need to do their jobs.)
Regulations don’t generally delve into this level of granularity, and granting excessive privileges is a common way organizations are exposed to risk.
… And Some Good News
Many cybersecurity best practices will reduce your risk of falling victim to multiple threats we’ve summarized. Not every threat requires a distinct mitigation measure. Additionally, some of the strongest mitigations are easy to implement and may not even result in any additional costs, such as Google’s 2-Step Authentication.
With our comprehensive cybersecurity assessments, Wursta works to understand your business, goals, and risk tolerance to build the security posture that meets your needs. Contact us to see if our services would be a fit.