Considering the relentless cyber-attacks happening around us amidst the pandemic, apart from tackling these attacks, it is also difficult to limit such vast security conversations to just a single blog! Therefore, this time we are going to share insights on this subject, in a two-part series of our cybersecurity awareness blog. At a later stage, we would also like to understand how you perceive some of these aspects, through a small survey. Also, if you haven’t read our latest cybersecurity blog on ‘16 ways to vaccinate your digital life in order to stay secure during COVID-19’, check it out here. Kindly read on.
Let’s not argue on the fact that the old IT world is evolving at a pace faster than light speed, and cybersecurity experts now have to deal with new threats every day. Today over 60% of total commercial transactions are done online, so this field requires a high quality of security for transparent and best transactions. Around 98% of companies are maintaining or augmenting their resources for cybersecurity and of those, half are increasing resources devoted to online attacks.
However, despite the best efforts from cybersecurity specialists, cyber-attacks have been affecting the government and numerous large, well-resourced companies. The cybercriminals or attackers are also getting smarter with each passing day. For instance, they are using spying software to track fingerprint movements on touch screens, thus causing loss of sensitive data that they can utilize for blackmailing an individual.
Cyber-attacks including phishing, malware, man-in-the-middle attacks (MiM), SQL injections, brute force attacks, among others, have made data and assets of corporations, governments and individuals, highly vulnerable to security threats. The attacks are not just restricted to the personal, financial and sensitive data of a business but they can even pose a threat to national security. Government agencies are the main target for cyber attackers or hostile foreign entities who seek to cause disruption, sow distrust and obtain classified or sensitive information.
Personally identifiable information (PII) is currently a gold mine for cybercriminals. Attackers obtain key pieces of PII, such as birth dates, addresses, phone numbers, social security or driver’s license numbers, in order to impersonate someone else.
Cybercriminals can use PII for more nefarious purposes that impact the victim directly, by applying for credit cards, filing fraudulent income tax returns, and applying for loans under the victim’s name. They can also use this data to blackmail, demand ransom, or steal your money.
I guess by now, we all must have heard about the recent attack on the US health department. The US Department of Health and Human Services (HHS) suffered a distributed denial-of-service (DDoS) attack on March 15, 2020. It is believed that the attack was designed to slow the department’s systems. The attack on the health department was first reported by Bloomberg which also suggested that the attack was linked to a text message-based disinformation campaign that wrongly suggested that there would be a nationwide quarantine on Monday. However, appropriate actions were taken by the government and the situation is now under control.
The latest attack happened a few days ago with Easyjet, where a highly sophisticated cyber-attack affected approximately nine million customers. Easyjet states that email addresses and travel details were stolen and that over 2.2K customers had their credit card details “accessed”. The company became aware of the attack in January, however it took time to understand the scope and identify who was impacted.
This kind of cyber-attack undermines the reputation and credibility of a nation or of an enterprise. Despite investing a remarkable amount of money into hiring security professionals, maintaining customer privacy and avoiding ransomware attacks, many organizations are unable to get control over the situation. The reason being the changing nature of hackers and the access to tools that outwit the latest security countermeasures.
And what are the challenges surrounding cybersecurity today?
One of the most complicated elements of cybersecurity is the constantly evolving nature of security risks and advanced persistent threats. Even with emerging technologies and increased cyber regulations, cybersecurity is difficult, and threats are becoming more and more complex.
In our next blog, we will take a look at how to combat security issues, and how to build a comprehensive security strategy with multiple layers of protection and detection.
Stay tuned and if you want to get secure today, contact us.