Unfortunately, these days there are more and more threats that can put our company’s corporate cybersecurity in a bind: ransomware, cryptojacking, denial of service attacks, BEC scams… The range of possibilities is almost infinite, and the worst thing is, it keeps growing.
But, what are the most serious threats? Of all the possible options, which are the most frequent, the most difficult to tackle, and, above all, the most damaging for our IT security?
To find out, we turn to Europol. In their 2018 report, Internet Organised Crime Threat Assessment (IOCTA), not only does the agency offer data about the threats that are most dangerous, but also about those that are fastest growing or those that, while they didn’t use to pose a serious risk, have stepped up their game in the last few years in order to attack companies, public bodies, or educational institutions, among other organizations. The following are but a few examples:
Without a shadow of a doubt, ransomware is still the absolute king of cybercrime, even though we have seen a striking evolution. While this kind of attack is still on the rise, its rate of growth is slowing somewhat. But in any case, it continues to be the most common method to attack companies for financial reasons, and as such its advance is still cause for concern.
It is no trifling matter: last year, the cyberattack on Equifax affected over 100 million users all over the world, and so the danger of ransomware is still a constant. Looking forward, Europol predicts that this kind of attack will begin to ‘relocate’, shifting its focus to mobile devices, both in the public and private domain.
This trend is one of the most recent, and as such, is more dangerous, as it can be something of an unknown for companies and users. Cryptojacking isn’t necessarily out to steal our information, nor to access our bank details. What it aims to do is to use our mobile device to mine cryptocurrenties, a practice that ends up consuming our company’s IT resources without us even realizing.
Whether through malware or by hacking into the websites we visit, this practice can cause IT problems in the company, or can even seriously affect its corporate cybersecurity. The worst thing about this may well be that, since it is a recent threat, many companies don’t take measures against the damage it can cause.
What’s more, this threat is directly linked to another: the increase in the frequency with which cybercriminals turn to cryptocurrencies, whether to cover their tracks or to launder the money they earn from cyberattacks on companies and institutions.
Distributed denial of service (DDoS) attacks are surely among the most widely known attacks. But the fact that many people know of their existence hasn’t caused them to disappear. In fact, according to Europol, these cyberattacks are the second most common after ransomware.
Their success is due, above all, to the fact that it is increasingly simple and cheap to carry them out, and they can cause serious economic losses for the companies that experience them.
4.- Social engineering
Phishing continues to be another of the most common ways that cybercriminals attack, gaining access to company data that, logically, they should never have managed to reach. There are some particularly notable cases, such as BEC scams. Here, the cybercriminals pose as directors of a company in order to get confidential information or economic gain from employees. Another noteworthy case is that of tech support scams.
How to avoid these threats
1.- Prevention and cyber-resilience. Companies cannot wait until an attack comes in order to try to stop it. They must act preventively, as well as being up to speed with new cyberattack strategies, so that no new methods take them by surprise.
2.- Advanced cybersecurity solutions. At the same time, it is vital to have technological solutions that help to maintain corporate cybersecurity. Panda Adaptive Defense not only acts against foreseeable attacks, but, above all, it detects all kinds of possible threats beforehand, monitoring in real time the activity in each organization, staying ahead of the cybercriminals.
3.- Employee awareness As we always say, a lot of the time, employees are the most effective point of entry for cybercrime. This is why companies not only need to make their employees aware of what they must and mustn’t do; they also need to enact clear action protocols for the cases where these employees suspect that a possible threat may be at the doors.