It’s 2023 and, if anything, the cybersecurity picture has grown bleaker. I just read that the US saw a 57% increase in overall cyberattacks in 2022. These increases are fueled by an ever-expanding pool of cybercriminals distributed around the world in small, nimble organizations. Think of businesses just like yours, but with quarterly “sales” goals focused on how many companies or individuals they can hack.
Ransomware as a Service
One trend fueling this increase in cyberattacks is the rise of Ransomware as a Service (RaaS). In the past, if someone wanted to get into the ransomware business, they would have to write and deploy their own code. Today, entrepreneurial minded ransomware operators are licensing their software to affiliates. These affiliates can quickly and easily deploy a ransomware attack with little to no technical skill of their own. The price of a RaaS kit can start as low as $40/month and is available to anyone.
The Importance of Backups
Don’t underestimate the importance of backing up your data. It may not sound very glamourous but having a recent and reliable backup is one of your best tools for thwarting a ransomware attack. When developing your backup strategy, consider the following:
- Recovery Point Objective (RPO) – the amount of data that can be lost before unacceptable consequences occur. For example, if you backup every 24 hours, are you comfortable losing a day’s worth of work?
- Recovery Time Objective (RTO) – how quickly services need to be restored in the event of an incident. Be sure to verify that the time it takes to restore your data from the backup meets your organization’s RTO. For example, a file backup to the cloud could have a long time to restore if you have a slow, unreliable internet connection.
Monitor and test your backups regularly to ensure your organization is ready when an incident happens.
Leveraging Artificial Intelligence (AI)
Another cybersecurity trend I see is the use of intelligent tools that can monitor, detect, and prevent cyberattacks. It’s been a couple of years since Invario upgraded our customers from standard anti-virus to advance endpoint detection and protection software. More recently I’ve also been recommending the use of Microsoft’s Business Premium, a solution developed for SMBs that combines Windows 365 applications with advanced security capabilities. A feature I really like is something called “impossible travel” which is basically what it sounds like. If I’ve just logged into my account here in Virginia and I try to login at the same time from halfway around the world, that access will be blocked. The system is smart enough to know that the real Dave Wilson can’t possibly be both places at once.
Broader and Stronger MFA
Data breaches are so widespread they barely even make the news any more. I don’t know anyone who hasn’t had their credentials stolen from at least one organization or website. When that happens, it’s critical that you have multi-factor authentication (MFA) in place. Enforce MFA on all accounts for all users whenever possible.
Even MFA is not impenetrable, however. Here are some of the ways cybercriminals can bypass MFA:
- Using social engineering to trick users into revealing their codes
- Brute force attacks to guess a short PIN or One Time Password
- SIM hacking to intercept SMS-generated MFA codes
For these reasons, MFA trends include the use of biometric authentication and avoiding SMS-based authentication in favor of application-based or biometric authentication where possible.
If you want to know more about these cybersecurity trends and what your organization can do to prevent cyberattacks contact your Invario team today.