In 2020, the problem of protecting your business data from cyber threats is especially acute. In the new reality of the COVID-19 pandemic and mass cloud adoption by businesses and individuals, the cybersecurity landscape has changed dramatically and, most likely, will never be the same.
What has changed in the first place? In a word, everything. The frequency, the harm, and the sophistication of attacks have grown thanks to machine learning and AI. Also, the mass reliance on the cloud has exacerbated the situation, making the public cloud attractive for threat actors. Cybercriminals use every chance to profit, and now they have more opportunities to do so than ever before.
What should you do to maximize your business’s chances of staying safe from cyber threats? First and foremost, educate yourself. Learn some cybersecurity terms, attend cybersecurity courses, and read about how cybercriminals can target your niche and how you can protect it.
This article can help you with the last one. Here is our take on the cyber threats that lie in wait for your business data in 2020.
A phishing attack is the most widely used and effective type of social engineering attack that is spread through email. A phishing email is a fraudulent email that looks legitimate but is actually designed by cybercriminals to mislead a user into performing an action that the threat actors behind the email want.
In a phishing email, you can be asked to do anything: click on a link, grant access to some folder or service, provide credentials or credit card numbers, etc. The type of action requested always depends on the desired outcome. Most often, though, phishing attacks are used in combination with other cyberattacks like ransomware or malware. In this case, after a user clicks on the link or an attachment, the infected executable will infect their device, email, or drive with the virus and encrypt files.
There are many types of phishing attacks. Let’s consider the main ones.
1. Spear Phishing
Spear phishing is one of the most dangerous types of phishing due to its detailed, personalized design and highly targeted nature. Spear phishing is always aimed at a specific industry, organization, department, or person. Criminals often conduct surveillance to gather all the possible information about the subject to make the email look undeniably legitimate.
2. Whale Phishing
Whale phishing is a type of phishing email that pretends to be from the top management of your company, such as CEOs, CIOs, CTOs, CFOs, and other C-level executives. The idea behind this disguise is to look as authoritative and legitimate as possible so that other employees who receive this email won’t hesitate when asked to transfer money or provide financial information. Whale phishing requires elements of surveillance because the main part of its effectiveness lies in its personal approach.
3. Vishing Attack
A vishing attack is a voice phishing attack in which threat actors prey upon users by calling them. Even though it is not as widespread as other phishing attacks, it still occurs and leads to data breaches.
Shadow IT is the use of IT-related software, hardware, or, most often, cloud services by employees within an organization without authorization from the IT department. Nowadays, with the ubiquitous adoption of cloud-based services, this issue has become more of a concern for companies than it has ever been before.
The most prevalent form of Shadow IT is Software-as-a-Service – cloud services that can be easily installed by staff members without any need for the approval of the IT department. In a way, Shadow IT is a double-edged sword: on one side, it can improve the efficiency and productivity of employees, but on the other side, it can put all business data in jeopardy.
The thing is, not all third-party applications are reliable and legitimate. Since everyone now uses third-party applications and extensions, it is to be expected that cybercriminals have started using them as one of the platforms for their business. Third-party apps are now used by them to deliver malware, trojans, ransomware, and spyware, or to extort users’ credit card information.
Here is the scope of actions to protect your business from Shadow IT:
- Create a policy with the rules and explanations on how Shadow IT endangers your employees and organization in general. Make it easily accessible to every employee in your company and include it in the onboarding process. Don’t make Shadow IT punishable; rather, explain all the risks, why employees should first check with the IT department, and what exactly the procedure is.
- Create an ever-expanding list of blocked and approved applications and make it easily accessible to your employees. It is a job for your IT department – when employees send them an app for approval, depending on the results, they will include it in one of the two lists.
- Use cybersecurity services that provide cloud monitoring, like https://spinbackup.com, which show you whether the applications connected to your G Suite organization are risky and what access has been provided to them.
Also, with the Spinbackup apps monitoring tool, you can see the level of trustworthiness of the apps your employees have connected to your G Suite and manage them. If an application is detected as “risky”, you can just click to remove its access to your business-critical data and delete the app.
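The approved/blocked lists and the access review described above can be combined into one check. The following is an added example, not Spinbackup's tool or code from this article: the app names, users, and verdict labels are hypothetical, the inventory is constructed sample data, and the scope strings are real Google OAuth scopes.

```python
G = "https://www.googleapis.com/auth/"  # common prefix of Google OAuth scopes

# IT-maintained lists (hypothetical app names). Approved apps are recorded
# together with the scopes that were reviewed at approval time.
APPROVED = {
    "Acme Calendar Sync": {G + "calendar"},
    "Team Notes": {G + "drive.file"},
}
BLOCKED = {"FreePDF Converter"}

# Scopes that give full access to mail or to all Drive files.
BROAD_SCOPES = {"https://mail.google.com/", G + "drive"}

# Constructed sample inventory: (app, user, scopes granted by that user).
GRANTS = [
    ("Acme Calendar Sync", "alice", {G + "calendar"}),
    ("Team Notes", "bob", {G + "drive.file", G + "drive"}),
    ("FreePDF Converter", "carol", {G + "drive.readonly"}),
    ("Mail Merge Pro", "dave", {"https://mail.google.com/"}),
    ("Mail Merge Pro", "erin", {"https://mail.google.com/"}),
    ("Emoji Keyboard", "dave", {G + "userinfo.email"}),
]

def review_grants(grants, approved=APPROVED, blocked=BLOCKED, broad=BROAD_SCOPES):
    """Return {app: {"users": set, "scopes": set, "verdict": str}}."""
    report = {}
    for app, user, scopes in grants:
        entry = report.setdefault(app, {"users": set(), "scopes": set()})
        entry["users"].add(user)
        entry["scopes"] |= scopes
    for app, entry in report.items():
        if app in blocked:
            entry["verdict"] = "revoke"          # on the blocked list
        elif app in approved:
            extra = entry["scopes"] - approved[app]
            # Approved once, but now holds access that was never reviewed.
            entry["verdict"] = "scope-drift" if extra else "ok"
        elif entry["scopes"] & broad:
            entry["verdict"] = "high-risk"       # unlisted and broad access
        else:
            entry["verdict"] = "needs-approval"  # unlisted, narrow access
    return report

if __name__ == "__main__":
    for app, e in sorted(review_grants(GRANTS).items()):
        print(f"{e['verdict']:15} {app:20} users={sorted(e['users'])}")
```

Recording the reviewed scopes next to each approved app is what lets the check catch an approved app that later holds broader access than IT signed off on.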
2020 has only increased the frequency and number of attacks. Attack vectors have also changed course and made their way to the cloud. And don’t forget that there are also attacks, insider threats, password spraying attacks, and many other ways to compromise your business data waiting out there. If you don’t invest in protection, the chances of a data breach and data loss increase exponentially. The very best thing to invest your money and resources in during 2020 would be cybersecurity and cyber awareness.