4 Reasons Cybersecurity Attack Surfaces Are Expanding

 

The COVID-19 pandemic impacted individuals and businesses all over the world in one way or another. 几乎一夜之间, it disrupted the way people went about their daily routines and how companies operated. Amidst all the chaos, changes to the cyber landscape increased at an unprecedented pace. Some of the trends that powered these changes and continue to fuel them are:

 

  1. 物联网(IoT)使用的增加
  • 美国大约有56个联邦机构.S. reported using Internet of Things (IoT) technologies.1
  • In 2021, experts expect the number of connected devices to reach 10.070亿年.2

 

  1. 云的快速采用
  • Global public cloud end-user expenditure is expected to grow by over 18% in 2021.3

 

  1. 数字转换
  • IT支出预计将达到3美元.2021年9万亿.3
  • Spending on digital transformation technologies increased from $1 trillion in 2018 to $2.2021年为39万亿.2

 

  1. 在家工作的模式
  • Over 70% of all departments and teams are expected to have remote workers by 2028.4

 

随着攻击范围的扩大,网络犯罪也随之而来. 根据联邦调查局的报告, cyberattacks have skyrocketed by over 400% since the start of the pandemic, making it imperative to identify and deflate cyberthreats for the health and future of your business.

 

越来越多的网络安全风险

 

  1. 针对Ransomware攻击

Ransomware attacks have long been a nuisance to businesses. Experts have estimated that about 10% of breaches reported in 2021, so far, involved ransomware.5 The success of this mode of attack is attributed to the simplicity with which an attacker can wreak havoc. It should worry everyone that ransomware kits are inexpensively available on the dark web.

Ransomware propagators are constantly devising new plans to evade defenses set by businesses. Without precautionary measures in place, SMBs could find themselves at risk.

 

  1. 钓鱼式攻击

Phishing uses social engineering in email and cloud services attacks. Phishing attacks can lead to account takeover, credential theft and more. According to one report, phishing attacks increased by 11% in 2021 alone.5

 

Malicious actors using phishing scams as their method of attack are cunning enough to tilt every global event to their advantage. 例如, 当大流行开始时, phishing emails were sent out to the masses in the name of the World Health Organization (WHO). Later, when vaccines were rolled out, scam emails had a vaccine company’s name as the sender.

 

  1. 内部威胁

Shockingly, close to 20% of breaches involve internal actors.5 The problem with insider threats is that they’re often the toughest to detect.

 

内部事件最常见的原因是:

  • 疏忽的雇员或承包商6 – 62%
  • 犯罪或恶意内幕人士6 – 23%
  • 凭据盗窃6 – 14%

 

  1. Fileless攻击

A fileless attack aims to exploit the features and tools of a victim’s environment. It doesn’t depend on file-dependent payloads nor does it generate a new file. This leaves no footprint and makes fileless attacks very hard to detect. A fileless attack is reported to be 10 times more successful than a file-based attack.7

 

Fileless attacks can originate through an email that directs you to a malicious website. 从那里, 使用社会工程策略, the cybercriminal can use system tools (such as PowerShell) to distribute payloads and execute commands. Since these system tools are part of your IT environment, 这种威胁可以规避过时的安全系统.

 

如何保持受保护

 

You can ramp up your IT security and protect your business by following these steps:

 

  • Keep your systems updated and safe from cyberattacks that exploit known software vulnerabilities by automating patch and vulnerability management.
  • Ensure effective and quick recovery from cyber disruption by backing up your systems and SaaS applications.
  • Secure your systems by deploying advanced antivirus and antimalware solutions that provide endpoint detection and response (EDR).
  • Make sure every new device has the necessary security tools to start with — local firewall, DNS过滤, 恶意软件防护, multifactor authentication (MFA) and disk encryption.
  • 随时准备好突发事件应对计划. No breach can shake you if you have a robust action plan. The plan should have a communication strategy with all stakeholders, 包括你的投资者和重要的bet9最新手机登录网址.
  • Provide regular security training to your employees and vendors.

 

If thinking about assessing your current cybersecurity posture gives you anxiety and you’re not sure where to start, 别担心. We can take the assessment off your plate and suggest the right solutions for your business. An experienced partner like us can make your cybersecurity journey seamless and successful. bet9会员备用登录网址 us today for your cybersecurity assessment.

 

 

 

来源:
  1. bet9会员备用登录网址高- 20 - 577报告
  2. Statista
  3. Gartner
  4. Upwork报告
  5. Verizon 2021 DBIR
  6. 《bet9会员备用登录网址》
  7. 波耐蒙研究所