Once again, we are witnessing history unfold at an alarming pace. The consequences of the Russian invasion of Ukraine have been devastating, and world powers have taken action with broad and grave sanctions. Recently, experts have started raising concerns about the possibility of increased cyber attacks. So who needs to prepare for that and how?
Attacks targeting SMEs and infrastructure
We saw during the Covid-19 pandemic that cybercriminals will attack anyone and anything – even if they promise not to. All organizations, regardless of their size, the industry they belong to, or the geography they do business in, are at risk. Small or medium-sized businesses, or large multi-nationals – every organization is a potential target. Ransomware and phishing attacks are all about casting a wide net, hoping that someone will take the bait. SMEs are increasingly being targeted as their security posture is generally less robust. Having technological measures in place, such as good firewalls or enforcing encryption to scale up your defenses, is not enough. Your employees are the other part of your cybersecurity toolbox that needs to be kept up to date. Offering security awareness training and making sure employees know of increased cyber attacks will maximize your organization’s cyber resilience and minimize your risk.
What imminent cyber attacks to expect
Whenever the world is in turmoil, cybercriminals use the opportunity to steal data, break into systems, exploit people and jeopardize business operations. Ransomware and phishing attacks are their favorite ways to do just that.
In the past two years, ransomware attacks have been on the rise, both in frequency and price paid in ransom. Some cybersecurity professionals estimate that up to 74% of these ransomware attacks originate from Russia, the world’s leading “ransomware as a service” provider.
Hackers mainly request bitcoin as their ransom. Cryptocurrency is not just a method to hide their criminal trail. It is also a great way to circumvent the bank sanctions that have recently been put in place. Hackers currently have a lot of experience and might even already be established within multiple systems, waiting to attack. It is therefore only prudent to expect that there will be increased ransomware attacks on multiple fronts.
When it comes to phishing attacks, we expect to see the rise of disaster scams through phishing. Following big global events and catastrophes such as hurricanes, pandemics or war, fraudsters will take advantage of the situation. They will abuse the vulnerability of real victims (e.g. refugees) and the empathy of observers to obtain valuable personal information or money. They may even set up bogus relief funds and ask people to donate.
Do your employees know how to spot a phishing email?
In a recent study by Verizon, it was estimated that 85% of all cybersecurity breaches are due to human error. Of those, 36% of breaches were due to phishing, a stark increase of 11% between years. But that’s not all: a general lack of knowledge about best cybersecurity practices, ranging from reusing passwords to not password-protecting one’s phone, is also a common culprit. To protect your organization you need to prepare employees for increased cyber attacks and what they may look like.
The majority of cybersecurity breaches are not full-blown attacks but rather attempts to poke around for vulnerabilities, and preventing them relies on people’s knowledge and awareness on an individual level. Examples include:
- Clicking on links in phishing emails that will install malicious software into critical systems
- Bad password habits, such as re-using passwords or having simple passwords, which make it easy for hackers to break into systems or inboxes
- Not doing critical software updates or accepting updates or downloads from unreliable websites.
Organizations need to take a top-to-bottom look at their cybersecurity status. As we have seen in previous ransomware attacks, it can happen by just clicking on an innocent link, reusing passwords, or not doing software updates as required. It is not enough to defend critical infrastructures with technological measures only. Raising awareness among employees about best cybersecurity skills is just as important, if not more important, to create holistic cybersecurity defenses for your organization.
Five ways to prepare for increased cyber attacks
- Make sure that all software is up to date and remind your employees to install all critical updates to software and remove outdated software and apps from their computers and phones.
- Activate Multi-Factor Authentication where possible. This also applies to employees’ personal social media accounts.
- Consider requiring a mandatory password change, especially for accounts that hold critical information or have privileged access. Now is also a good time to introduce password managers as a security requirement in your organization.
- Send out regular cybersecurity awareness reminders about the importance of keeping your devices up to date and about phishing, including other methods such as vishing and smishing, which are becoming more common. Feel free to use information and screenshots from our School of Phish guidebook.
- Introduce regular cybersecurity awareness training that is designed for adult learners. This means regular, bite-sized training that fits into a busy schedule and introduces various security topics incrementally.
How to build cyber resilience?
Studies and reports from multiple sources, such as Aberdeen Group and Global Market Estimates, suggest that security awareness training can minimize cyber risks by up to 70% and give organizations an ROI of about 5 times.
It is AwareGO’s mission to make the world a more cybersecure place. Due to global events and increased cyber attacks we want to help organizations out by giving them a chance to train now and train fast to be better prepared. There might not be time to do a lengthy procurement and inspection of every online course out there. To save time and money we have added relevant training materials to our already free cybersecurity training program. You can sign up for free and train up to 500 people in two weeks. Our platform is easy to manage so you can start training in a matter of minutes. Send out the free training package all at once or spread it out through a few days to avoid training fatigue.
Free cybersecurity training. Now is the time!
Your employees are already aware of imminent and increased cyber attacks. Therefore, they will be more open to receiving training. Now is the time! The free cybersecurity training course will only be available for a limited time. We have hand-picked relevant micro-learning videos that focus on the most common tactics that hackers use to trick people and gain access to sensitive data.
The free training program includes training on:
- Phishing tactics and how to recognize phishing emails
- Ransomware attacks and how to avoid them
- Best practices on password handling, including multi-factor authentication and good password habits
- Updating software from trusted sources and the dangers of extortion emails
- Other cybersecurity vulnerabilities that rely on human behavior on an individual level to work, such as software updates.
Sign up – no credit card or commitment needed.