By Sam Field, enterprise solutions product manager, Sure
THE global pandemic and restrictions on movement have led to an increased dependency on digital services for both businesses and consumers and, to a large extent, pretty much everyone has had to adapt to new ways of working.
Enforced lockdown has seen a massive rise in the use of collaboration services and workforce transformations have taken place before our very eyes. Digital communications in whatever format have massively increased the amount of business data in circulation.
Cybercriminals quickly identified dispersed working as a major opportunity and have responded with pandemic-themed scams and attacks to steal information and data.
While cyberattacks on individuals are very upsetting, they are generally easier to spot and deal with. A ‘take no action’ approach to any form of contact outside the norm is the key learning point on a personal level, and nobody can claim to be so smart that they are not vulnerable.
The workplace, however, is a much more complex environment with hierarchical relationships, managerial directives and business systems that are not always the simplest to operate.
There is a greater scope for cybercrime in organisations with operational complexity and the value of data and information that can be stolen or extorted tends to be higher.
Furthermore, it is not just criminals who are interested in business data. There are many business information platforms and other data-centric organisations who are benefiting from the wealth of information flowing around the digital economy. And for many island organisations, protecting intellectual property from cybercriminals and other interested parties is vital.
The arms race between data protection, criminals and legal data hunters is here for the long-haul as organisations strive to protect their businesses, customers, revenues and reputation.
The focus still remains on cybercrime though, and the five overriding threats that are targeting hybrid working environments are:
Email Phishing
This is defined as the fraudulent attempt to obtain sensitive information or data, such as usernames, passwords and credit card details, by disguising oneself as a trustworthy entity. Covid phishing activity often impersonates government and health authorities to deceive users into sharing confidential information such as payment and account credentials.
When hackers break into corporate networks, they often take their time monitoring emails and activity to maximise the impact of their attack. Criminals then mimic existing accounts and send emails instructing people to take action – do this, click here, update that – all in an attempt to obtain the information and the access to funds they are looking for.
SMS Phishing
Also known as ‘Smishing’, this is text-messaging fraud that tries to lure victims into taking action. Clicking on links in texts can activate the downloading of malware that will reveal and extract sensitive account information. The increased use of smartphones for so much business activity exposes organisations to an extended perimeter, through a non-PC-based zone of extended vulnerability.
Fraudulent domains
Also known as domain spoofing, this is also associated with phishing. Attackers use a ‘bogus domain’ to impersonate a company or its employees. This can be done by sending emails with false domain names which appear legitimate, or by setting up websites with slightly altered characters that look authentic, and asking you to take action that will compromise your security.
Counterfeit apps
A counterfeit app is one that claims to do something but is actually fake, ineffective or harmful to a user’s device and information. They have been found on legitimate app stores including Apple and Google Play, where they have not yet been detected or reported. They aim to defraud users by offering fake functionality and stealing data.
Malware
Malware is software that has been intentionally designed to cause damage or harm to a computer, server, client, or computer network – often for the purposes of extorting money. A wide variety of malware exist, including viruses, worms, trojan horses, ransomware, spyware, adware, rogue software, wiper and scareware. Malware exists for a number of reasons such as causing malicious damage and stealing financial details and sensitive information. Ransomware is a form of malware where attacks are designed to block access or take down sites until a sum of money is paid.
Clear and present danger
The average cost of a business cyberattack is estimated to be £3 million and around half of the cyberattacks involve email phishing, a figure that is 20% higher than the global average.
We partner with Mimecast, a Gartner Magic Quadrant global cybersecurity leader, to provide a unique range of local and offshore services. Cloud-based layered security provides advanced safeguarding and business continuity, protecting email and messaging services, along with access to your securely archived information.
For more information about our cybersecurity solutions, visit business.sure.com/products-and-services/cybersecurity or email contactus@sure.com.
