The pandemic has left the country vulnerable in many ways. Unfortunately, this includes the security of our tech devices. During these uncertain times people are searching for answers and we have been proud to stay in front of the trend to provide you with the most accurate and timely updates regarding how to keep either your home network or your work network(aren't they the same anymore?) safe from the ever growing number of cyber attacks. Unfortunately for IT security professionals, that means employees fall victim to cyberattacks all too often. Attackers have taken advantage of the current state of affairs and are exploiting everyone’s desire for information related to the global pandemic. The FBI said in April that cybercrime reports had quadrupled since the pandemic began. Security news outlets are filled with seriously unbelievable statistics about the growth of phishing, malware, and other threats.
So what threats should we as a community be looking for? What can we do to mitigate these threats? To answer these questions we will review some of the most recent attacks to help us navigate how to tackle the ever-evolving risk of cybersecurity threats.
2020 has been the year for phishing and just as the picture to the right depicts, you're not always getting what you're expecting. Typical phishing usually involves e-mails. While this form of phishing is no where near dead in the water, "phishers" are using the pandemic to lure in even more victims .As time has gone on, phishing has quickly evolved to also take advantage of peoples’ concerns about stimulus benefits and reclaiming expenses from canceled events or travel. One hacking group even lured people in with offers related to food delivery services. This means employees must be extra vigilant about identifying phishing emails and use a zero-trust policy in their online lives. They need to approach every email cautiously and verify whether anything that looks suspicious is in fact legitimate communication.An analysis by one security firm found that 70 percent of phishing emails delivered malware, while the majority of the rest sent people to fake landing pages to try to steal their login credentials. Remind employees to be very cautious with their login information and follow all password protocols. When is the last time you have scheduled a mandatory employee cyber security training session with your MSP? My bet, is that it needs to happen sooner rather than later because phishing is up 350 times the normal rate since the pandemic began.
The internet isn’t a very safe place these days, especially for those visiting pandemic-themed websites. Bad domains have risen dramatically these past few months. Researchers at Palo Alto Networks recently examined 1.2 million newly registered domains containing pandemic-related keywords, and found that more than 86,600 of them were high-risk or malicious. Meanwhile, other bad actors have created websites designed to look like authorities such as the CDC. To keep browsing safe, you must have software to protect your computer. Please reach out if you need any guidance on picking the right software for you and your company.
Hackers aren’t just targeting individual employees, though. They’re targeting entire organizations with ransomware in an attempt to benefit financially off of those who need to regain access to their information quickly. Unfortunately, that has resulted in these groups targeting hospitals and healthcare providers over the past few months, where there may be serious consequences if these organizations can’t get back up and running right away. Healthcare isn’t the only target, however. All businesses are realizing too late how risky ransomware is. This rise in ransomware highlights the importance of not only practicing good computer hygiene, but also having good processes in place for monitoring devices and networks so you can detect and mitigate threats as soon as possible.
Firmware attacks have grown much more common in recent years, and with more employees working remotely, it’s wise to not overlook layered security protection for endpoint devices. It’s easy to get behind on firmware patching, and the consequences can be severe. Antivirus software won’t detect a threat beneath the operating system, leaving an endpoint device open to attack.
All these threats raise the question: What should you be doing right now to protect your organization? In addition to having employees follow best practices for remote work and endpoint security, you can opt for technology that comes with security features pre-installed. While built-in security won’t prevent an employee from clicking on something malicious, it can protect their endpoint device from infection. This is when having a managed service provider benefits you the most. Billions of dollars have been lost this year due to cybersecurity. To learn all of the ways that Maggard Technology Solutions can prevent these threats contact us today!