Following the NCSC’s Annual Report on the rise of cyber-attacks – and particularly those exploiting fears around COVID-19 – during the pandemic, it is clear that security teams are vastly outnumbered.
To cope with the volume of threats, the sophistication of attacks, and the fact that many teams are away from the infrastructure the office provides, advanced technology will be the key to fighting these threats going forward, and filling the skills gap.
Information Security Buzz (aka ISBuzz News) is an independent resource that provides the experts comments, analysis and opinion on the latest Information Security news and topics
The growing number of ransomware incidents is a concern, but more worrying is their severity. The strength of DDoS attacks each month has already eclipsed the levels of November 2019, the previous record. We’ve recorded our largest-ever attacks in terms of both packets per second and bandwidth, and the level of overall DDoS risk has increased every single month.
We’d expect this pattern to continue over the rest of the year and 2021, as criminal groups see increasing opportunities and rewards. Organisations need to be aware of the risks, and ensure they have a strategy in place to mitigate them.
Covid-19 has quickly become a popular ‘lure’ for cyber attackers, with more people seeking out information about the pandemic and therefore the likelihood to trust and click on false links increasing.
Working from home has become a staple and organisations must ensure that employees know the role they play when it comes to preventing a cyber-attack. Take phishing, for example. When an employee receives a phishing email, there will be clues that the sender is not who they pretend to be. The use of special characters, spelling and grammar mistakes and the email address of the attacker are just some red flags that employees should look out for.
Organisations need to ensure that their staff are fully aware of the importance of maintaining good cyber security practices in their day-to-day tasks. However, phishing emails are now so sophisticated, you can’t rely on employee awareness alone to protect the organisation from attacks; they cannot be blamed for falling victim to professional social engineers. Organisations have a responsibility to deploy defence in depth to provide multiple ways to prevent phishing emails from being successful. Processes such as filtering emails, employee awareness, threat intelligence, blocking malicious domains and multi-factor authentication should all be in place to protect staff from potential cyber-attacks.
The exploitation of COVID by cybercriminals is not a surprise. An increase in phishing and fraud during the pandemic is not out of the ordinary for today\’s significant global events. And ultimately, society\’s inability to protect vulnerable citizens and data from cyber crime in this crisis was all but inevitable, but it is preventable.
Already overwhelmed by the volume of threats, even the best cybersecurity teams have been in over their heads working from home whilst battling COVID-related threats, a rise in ransomware, and the infiltration of hack-for-hire groups in global politics. They are vastly outnumbered: according to the Global Information Security Workforce, the UK is set to have 100,000 empty cybersecurity jobs by 2022. Reinforcements must be called in – if not as new recruits, then in the form of technology.
AI technology can help manage the volume of potential threats, spotting anomalies in data and dealing with menial and repetitive tasks whilst flagging potentially serious situations to cyber security team. With COVID phishing emails, for instance, the AI spots the presence of malware and the attack is thwarted before the link can be mistakenly clicked – triggering long-lasting repercussions for the entire organisation.
Security teams are exhausted. Human error will happen. But with AI automating repetitive tasks, this risk is vastly reduced. Humans and tech must work hand in hand, so the professionals are equipped with the right knowledge and skillsets to keep our enterprises, and our country, safe.