5 lessons to be learned from 2020 cyber security breaches

It’s an undoubted fact that the global pandemic of 2020/21 will leave businesses operating in a vastly different landscape to just twelve months ago, with many making considerable alterations to the way in which they function. One such adjustment will be the urgent need for greater vigilance when it comes to cyber threats; something that affects businesses and organisations both large and small.

Quick to capitalise on the disruption caused by remote working and compromised security away from office machines, cyber criminals ‘prospered’ in 2020. According to stats disclosed by it.pro.co.uk, there was a massive 20% rise in cyber security threats compared to 2019, with ransomware attacks alone surging by 80% in the UK in the third quarter of the year.

Throughout 2020, attacks in the UK (and around the world) hit the headlines. Most recently, as reported on reuters.com, the SolarWinds hack was described by Microsoft President Brad Smith as “the largest and most sophisticated attack the world has ever seen”. But in every other month of the year, a well-known UK business or organisation reported an incident, including an HMRC phishing message to the self-employed in June; a TV Licence text scam in August; an M&S spoof ad in October used to harvest personal information; and a hack at Manchester United in November. These were just the tip of the iceberg.

5 reasons why cyber security awareness is key

So, what lessons can be learned from these attacks in 2020? How can you make your business safer in the new environment ahead?


1. Phishing and spam are more sophisticated than ever before

Anyone can be taken in by a polished scam, and phishing is evolving with plenty of new twists. It is expected to remain a significant threat in 2021, and the techniques are being refined quickly. Watch out for ‘spear-phishing’ (where individual victims are researched first and then contacted directly); ‘vishing’ (voice phishing, where a voice message purporting to be from your bank or another service provider informs you that your account has been compromised); ‘smishing’ (the same as vishing, but done via SMS text messages); and ‘angler phishing’ (where the criminal uses social media feeds to discover companies with a poor customer service experience and then poses as a member of the support team in a direct message to targets).

2. Simulating an attack can expose vulnerabilities before it’s too late

The SolarWinds attack shows how clever a ransomware attack can be, and such attacks are, or should be, a great concern for companies and organisations of all sizes. One of the best ways to understand your own vulnerabilities is to simulate a ransomware attack on your own system, discover where your weaknesses are, measure the ability of your business to detect and respond to the breach, and then fix the problems. One key learning to remember: according to techtarget.com, wireless guest networks are one of the most overlooked vectors of attack.

3. It’s important to test the integrity of the software you use

Be more rigorous in how you test the software you have on your network. Don’t simply accept a vendor’s third-party validation or an automated code review. Manual reviews are much more robust, allowing for proper interrogation of code and updates, and are much more likely to detect any vulnerability and limit potential damage.

4. Staff awareness of threats and risk could prevent most attacks

This sounds like common sense but is so often overlooked. At every step of the way, the most efficient method of limiting the damage from cyberthreats to your company is to keep yourself and your staff trained about the risks.

5. Don’t just check everything once – it’s a continual process

Again, this part is important but frequently shelved when people are busy. Build it into your IT calendar and make it a priority.


Phishing & Security Awareness as a Service

Phishing & security awareness tools are designed to tackle the issue of users being a weak link in your IT security.

Yet many organisations struggle to get the most from these resources. No matter how many training videos and security awareness tools you have at your disposal, to be effective you need to regularly run awareness campaigns and achieve high levels of employee engagement. This is usually a manual process and can be a drain on resources.

That’s why we have created a service that manages this workload for you.

Cloud Business’ Phishing & Security Awareness as a Service boosts security with regular phishing awareness campaigns run on your behalf.

  • Fully managed service – A managed service offering a minimum of 6 phishing/training campaigns per year.
  • Train your users – Access the world’s largest library of security awareness training content; including interactive modules, videos, games, posters and newsletters.
  • Phish your users – Improve awareness by running extra simulated phishing attacks whenever you want.
  • See the results – Enterprise-strength reporting, showing stats and graphs for both training and phishing, ready for management. Show the great ROI!

If you’d like to find out more about this service, please get in touch with our team.


Cloud Business Limited
8 North Street
Guildford
GU1 4AF

2021 © Cloud Business Limited
Registered Company in England and Wales 06798438