Cybercrime never sleeps. While many organizations save their reports on cybersecurity trends for the beginning or end of the year, it's always important to think about what drives data loss, breaches and identity theft.
With one quarter of 2018 in the books, have criminals' strategies played out as planned? What have companies done to defend themselves?
Cyberattacks and defenses are always evolving. Organizations that don't consistently think about cybersecurity might find themselves stumbling into a newly developed type of data breach. In the escalating data arms race, every advance by either side is met with a response.
Defining Q1 trends
Ransomware attacks, which have reached staggering rates, are a major concern according to Cybersecurity Ventures Editor-in-Chief Steve Morgan when asked what his main takeaways were from January through March. He predicted ransomware rates will reach one strike every 14 seconds by 2019. And because hackers have relied on ransomware so much so recently, firms have responded by investing considerably in defense technology and programs.
Organizations are trying trends such as white-hat hacking to get ahead of the threats they've witnessed so far. Morgan said the ratio of ethical hackers to unethical hackers is tipping in the good guys’ favor, but it would be unrealistic to assume that every organization announcing such a pivot will make the move successfully.
Simple attacks on the rise
Email-based data breaches also rocked Q1 2018. According to specialty insurer Beazley, hackers are opting for relatively easy forms of account compromise. Rather than running an extensive scheme of impersonation and psychological tricks, they're just firing off phishing emails laden with fraudulent links. The link takes the user to a site that then harvests credentials, giving the hacker email access.
Considering the number of internal corporate systems that have simple login systems - the details of which can be found in the breached email accounts - it's little surprise that inboxes are common battlegrounds between hackers and employees. Considering the potential windfall that may come from breaching even one careless employee's click, the criminals' schemes come into focus: Blanketing email accounts with phishing emails may get enough hits to make activity financially worthwhile.
When users don't follow best practices, hackers find it easier to seize their company email accounts, then perform their pivots to attack other systems. Social engineering - getting individuals to give away their passwords through trickery and falsified credentials - is a method criminals employ when the technological defenses in place are strong. When hackers are able to take the data they want through simple brute-force tactics, they don't have to waste time and effort being subtle.
A year like any other
While data loss trends will inevitably change from one year to the next, the general response strategy remains the same. Company leaders must prepare their employees to deal with the latest developments and ensure their systems aren't exposed to hackers' new attacks. Falling behind can have devastating consequences due to the ever-evolving nature of security today. Whether they turn to third-party partners or rebuild their defenses with internal resources, IT leaders are engaged in a constant race against cybercriminals' development efforts. The focus on ransomware and brute-force email attacks in early 2018 is the latest permutation of a scene always undergoing change.
To become more attuned to today's cybersecurity landscape, check out to Identity Guard Business Solutions Resource Center.