2019 proved to be a challenging year for business IT and cybersecurity, as organisations battled to minimise both the likelihood and effect of cyber-attacks, data breaches and IT outages. Businesses and public sector bodies alike were targeted by opportunistic cybercriminals and the results were, in some cases, devastating. (The average cost of a successful attack against a business is $7.35 million and, because of this, 60% of SMBs go out of business within six months of a data breach. Read more about the effects of cyber-attacks and the importance of cybersecurity here.)
Unfortunately, it is highly likely that this battle against cyber-attacks will continue into 2020. When making predictions for what the next 12 months will bring, it’s easy to focus on the biggest, boldest predictions and overlook existing, steady trends that are more than likely to continue into the new year. This is no one’s fault; Amara’s Law states that we are always more likely to overestimate the effect of technology in the short term and underestimate its effect in the long term. The reality, however, is that the trends we have already witnessed throughout 2019 and in the years before are those that are most likely to continue into 2020.
Whilst we can’t rule out that cybercriminals will invent a new, extreme and even more terrifying way to hack into business IT systems in the next 12 months, the attacks that organisations should be focussing on protecting themselves against are those that are succeeding, and damaging businesses, right now.
What Were the Most Successful Methods of Attack in 2019?
With that in mind, in order to prepare our cybersecurity for the year ahead, we should first look back at the ways in which cybercriminals most effectively targeted organisations in 2019.
Some of these methods included:
- Phishing. The term “phishing” refers to the way in which a cybercriminal will use fraudulent communications (phone calls, emails, etc.) with the purpose of tricking the recipient into giving away sensitive information, such as passwords, bank details, and so on.
- Whaling. Whaling is very similar to phishing, but it deals with bigger fish. Cybercriminals will impersonate a “big fish” within your organisation (someone like a Director, Manager, CEO, or Finance Director) and ask another member of the organisation, likely in the accounts department, to make or approve a large payment. Because the recipient believes the email is coming from a senior member of their own organisation, they may then approve the payment of a substantial sum of money to what turns out to be the cybercriminal’s own bank account.
- Ransomware. The term “ransomware” is fairly self-explanatory; cybercriminals hold your data to ransom. Once ransomware infiltrates your systems, it allows cybercriminals to remotely encrypt your data. You’ll then receive communications demanding huge quantities of money in order to get your data back. Otherwise, it’s lost forever. You may think that only large businesses would be targeted in this way, but the reality is that businesses of all sizes can be hit by ransomware attacks. Whatever size your business may be, your data is hugely important to you. Cybercriminals know that.
- Malware theft. Malware theft refers to a hacker installing keylogging software on your systems, which allows them to gather crucial access data, such as bank logins, and use this data for their own gain.
- Phone hacks. It is possible for cybercriminals to hack your company’s phone system, programming your phones to dial premium rate numbers automatically and repeatedly. These premium rate numbers are in fact owned by the hackers, and thus rack up an extortionate fee.
Protecting Against These Attacks in 2020
As it stands, these types of cyber-attack are succeeding and, whilst they continue to succeed and before the next ground-breaking attack tactic comes along, cybercriminals will continue to use them. As was the case in 2019, cybersecurity remains an important aspect of your IT strategy and investment in 2020. The expert suite of cybersecurity services offered by EPX Technical Services can protect your organisation against attacks such as these. To find out more, contact our offices on 01785 878311, or email firstname.lastname@example.org.