Ian Snow, MD at CT takes a look at the biggest cybersecurity threats as we move into 2020

They say that hindsight is a great thing, but when it comes to cybersecurity in 2020, foresight is crucial. With 2019 coming to a close, companies are already having to prepare for the cyber threats they'll face in 2020. Although attackers are constantly looking for new exploits and strategies to defraud and damage companies, some older threat strategies remain amongst the most frequent threats to a business’ cybersecurity.  Whilst many may not be new, they are increasing in frequency.
 

Ransomware

According to the 2019 Official Annual Cybercrime Report, a business falls for a ransomware attack every 14 seconds. Ransomware is a form of malicious software (malware), delivered by email, that renders all data inaccessible – essentially locking you out of your device.  Attackers typically demand payment to release the files.   There has been a growing trend of ‘targeted’ attacks – where criminals identify critical files and systems within an organisation.

So what do you do if this happens? Disconnecting your device from the network is the first step – this can reduce the number of files lost. Contact an IT expert who can investigate how and why the attack happened. Once this has been determined, ensure good malware protection software is installed and regularly carry out data backups to prevent future attacks.
 

Phishing

Phishing – a term meaning to ‘fish’ for passwords and financial data – has become one of the most common methods of cyber-attack. Scammers tend to pose as a trustworthy business or service such as a bank in order to gain sensitive information from victims. The point of vulnerability here isn’t in the computer systems – it’s human.

It can be hard to spot an attack as phishing emails/messages often look completely convincing. If you do receive a suspicious email, don’t respond, and take immediate action. You or your IT support should run anti-virus software on the device, change all passwords for accounts that use the password captured by the hacker and contact the company or person that was impersonated.

To prevent phishing, be suspicious of unexpected emails, keep spam filters turned on and check them regularly.
 

Advanced Persistent Threats (APT)

Advanced Persistent Threats or APTs are a sophisticated form of cyber-attack where a hacker enters a system network and remains there for a period of time – undetected. They do not inflict any damage to systems, instead quietly stealing financial and security information.  APTs are serious and hard to detect – but there are ways to protect against them. Installing a Firewall to block unauthorised access to your systems is crucial, as is up to date antivirus software.

With any luck, if you’re affected by an APT, you’ll discover it sooner rather than later but if not, take all affected systems offline and restore them from a clean backup.  
 

Botnets

A botnet – short for ‘robot network’ is effectively a network of robots. Botnets are collections of internet-connected devices that have been compromised by an attacker. They are used to initiate attacks on websites, steal private information and deploy malware.  Botnets are free to access entire networks once they’ve infected one device – so look out for strange emails, pop up ads or software downloads. 

All devices connected to the internet are vulnerable to attack from botnets but taking some precautionary measures can help keep them at bay. Keep software updated, avoid suspicious links and downloads from file sharing networks and look for antivirus protection that covers all your devices.
 

Be prepared

Every business is susceptible to a cyber-attack no matter the size of the organisation.

Not only is having a backup and disaster recovery plan crucial in protecting your business in the event of a cyber-attack, so is training your team as most attacks arise from human error. This is best managed by an IT support specialist which can constantly monitor for threats and remain up to date with the latest methods being used by hackers.

 

Contact the team at CT for more information.