There’s been a 300% rise in cybercrime in the U.S. since 2020. The numbers make for sensational headlines, but the actual crimes typically don’t. Hackers aren’t going after the big names — small and midsize businesses (SMBs) are much more likely to be targeted than well-known companies. In fact, more than half of all cyberattacks are committed against SMBs. Unfortunately, they’re the least able to recover: 60% go out of business within six months of falling victim to a data breach or hack.
It’s more important than ever that organizations, both large and small, have robust cybersecurity tools in place, and prioritize patching and upgrading software as soon as vulnerabilities are discovered. But you can’t count on technology alone to keep your organization’s data and infrastructure safe.Why Better Technology Isn’t Enough
Cybersecurity, in many respects, isn’t that different from any other form of security. For example, you might have the strongest, most advanced locks on the doors to your house and a security monitoring service. But if you don’t lock the doors and arm your system, it won’t be able to identify an attack in progress, let alone prevent it.
Human error isn’t just responsible for a significant amount of cybersecurity attacks. According to a study by IBM, it’s the leading cause of 95% of them. You do need robust cybersecurity tools and procedures, but your staff also needs to understand how to configure them properly, how to recognize a threat, and how even the most seemingly innocent of actions can render the best cybersecurity tools largely ineffective.
Understanding Common Cyberattacks
While cybercriminals are growing more sophisticated, the four most common cyberattacks are reasonably simple to understand. And if your staff understands what threats to look out for, they’ll be more effective at helping you guard against them.
1. Phishing
Phishing is a common strategy of cybercriminals, where a hacker pretends to be a trusted party to trick their targets into giving them sensitive information or money, or downloading a malicious attachment. The hacker could pose as a trusted family member, a coworker, or a celebrity.
Phishing is commonly carried out through emails, but these emails can be disguised to look like they’re coming from trusted companies or government offices. When phishing attacks are carried out over voice calls, it’s called vishing; when phishing attacks come through text message (SMS), it’s called smishing. When phishing is targeted at an individual rather than sent out en masse, it is often referred to as spear phishing.
2. Malware
Malware is malicious software that is designed to be harmful to a target’s systems. Common malware includes viruses, spyware, worms, adware, and ransomware.
Of these, ransomware attacks are the most significant threat. Ransomware encrypts a target’s data and allows hackers to demand a ransom for releasing it. Since 2018, the average ransom has increased from $5,000 to $200,000.
As antivirus software is getting better at identifying and blocking malware, cybercriminals are increasingly turning to “fileless” malware, which is malicious code written into a native scripting language or written straight into a computer’s RAM.
Furthermore, as cybercrime has become more profitable, cybercriminals are getting more organized and operating more like corporations. One example of this shift in strategy is the Malware as a Service attack (MaaS). This attack operates much in the same way as a traditional malware attack, but it’s carried out on someone else’s behalf, as a service that can be purchased by someone who lacks the skills to do the work themselves.
3. Denial of Service
In a Denial-of-Service (DoS) attack, cybercriminals intentionally flood a target’s system with so many requests that legitimate users can no longer access their online resources. Distributed Denial of Service (DDoS) attacks are a subcategory of DoS attack, where instead of using one system to launch the attack, they employ several.
4. Man-in-the-Middle Attack
In a Man-in-the-Middle (MITM) attack, a hacker intercepts communication between a sender and their intended recipient. Unsecured or poorly secured WI-FI routers present the ideal launching spot for MITM attacks.
Why Is Cybercrime On the Rise?
The explosion in cybercrimes is actually the logical result of the pandemic, although the two may not seem connected. Remote work, the cloud, lockdowns, and more have all contributed to the escalation of cybercrime.
REMOTE WORK - More employees are using less-secure devices to connect to their organizations’ systems and data, making cybercrime much easier.
THE CLOUD – while cloud vendors typically support secure configurations, they’re not necessarily configured by default and may require a different approach to security than traditional systems on-premises. The shift to cloud, fueled by remote work, has left some organizations vulnerable.
MORE TIME ONLINE - Due to lockdowns around the world, more people spent more time on their connected devices.
MORE DEVICES – With more devices and tools going online, cybercriminals have more targets to pursue.
5G – The more we’re connected to anyone from anywhere, the more we use our devices for everything. The more we use our devices, the more we’re potential targets of cybercrime.
PROFITABILITY – Cybercrime is now more profitable than the international drug trade. With more profits and less risk of prosecution, more hackers are willing to work for hire, performing cyberattacks as a service for others.
How To Keep Your Organization Safe
Phishing attacks are still the most common form of cyberattack. Fortunately, they’re the ones that your staff can all be trained to safeguard against. Six out of ten Americans are highly vulnerable to phishing emails; a robust security awareness training program can significantly reduce vulnerability to phishing, malware attacks, and more.
Training is essential, but so is making sure you have the right tools and making sure they’re configured correctly. As hackers are evolving their strategy quickly, effective cybersecurity also is moving quickly; what might have been considered robust security five years ago probably no longer cuts it. If you’re wondering if your organization is aligned with best cybersecurity practices, this checklist can identify areas of strength and potential areas of vulnerability.
As cybersecurity becomes more challenging, it’s becoming more of a specialized skill within IT. Even for organizations with their own internal IT team, outsourcing cybersecurity duties is becoming a popular choice to help alleviate the burden on internal staff and reduce cybersecurity burnout. Marco’s technology experts can take on all or part of your IT needs, and with our team of over 650 certified systems engineers, we have the expertise to provide best-in-class solutions to help you meet your goals, now and in the future.