One of the most challenging elements of cybersecurity is knowing what’s to come. While none of us have an IT crystal ball (unfortunately), we can make educated guesses based on the evidence around us. One thing that is for sure, though, is that cybercriminals are more of a threat than ever.
According to the FBI’s Internet Crime Report from last year, a record 847,376 cybercrime complaints were reported by the public in 2021 – a 7% rise from the previous year. The culprits are constantly working hard to be ahead of the game and ahead of IT teams’ security, so there are understandably a few issues concerning today’s experts.
In our latest report, “Cybersecurity experts’ views on email security within Microsoft 365”, we spoke to Lisa Forte (Co-founder of Red Goat Cyber Security LLP), Robin Bell (CISO, Egress Software Technologies, and Jack Chapman (VP of Threat Intelligence, Egress Software Technologies) about the cyber threats keeping them up at night.
Evolving cybercrime is for sale
The incredibly speedy evolution of cybercrime is what concerns Jack Chapman the most. And with good reason; just this summer, a story hit the news where the FBI seized three domains used by cybercriminals to sell stolen information. One was a particular problem, as it sold subscriptions that allowed users to search a database of stolen information harvested from more than 10,000 data breaches.
“The biggest thing keeping me up at night is how quickly attackers are evolving and how sophisticated their toolsets and methodologies are becoming,” Chapman explains. “They are taking what would previously be months’ worth of work, automating it, and selling it to other criminals. This will lead to both far more attacks and an uptick in more sophisticated attacks.”
Ransomware-as-a-Service (RaaS) in particular has become a full-blown business, meaning organizations need to ensure they have the skills needed to plug security holes and stop attacks before they can happen.
Simple mistakes that can lead to tragic outcomes
Human error is always a factor to consider, but it becomes a major problem when sensitive information is shared with the wrong person – even if it’s an accident. “I’m currently doing some pro bono work for charities around the world,” says Lisa Forte. “One of them deals with victims of domestic violence – very serious cases and data, as you can imagine.”
She continues, “They had a very simple mistake turn into a potentially life-threatening situation all because one well-meaning member of staff sent a document with a victim’s details out to people who had inquired about something. She thought she was sending a blank form. It wasn’t. So, for me, I see how easily very serious mistakes can be made by anyone – and the ramifications of that can be very scary.”
That’s far from an isolated case. The Health Service Executive recorded over 2,000 data breaches last year, primarily due to files containing confidential information going missing or being sent to the wrong service users. The potential loss of highly sensitive information is a real threat and can cause problems for the person whose information has been lost and the victim of the attack themselves.
The rise of smishing
Smishing is like phishing but is conducted via SMS. Smishing involves texting malicious links or attachments containing malware to somebody’s mobile device. That makes an area once thought safe quite dangerous, leading to more people clicking on the links.
“Smishing has increased significantly,” says Robin Bell. “The problem is not only is it harder to protect against from an IT point of view, but it’s almost impossible to build reporting of the frequency and risk to the business, especially where organizations support a BYOD (bring your own device) policy.”
Smishing attacks more than doubled year on year in 2021, and it’s the ideal time for cybercriminals to attack mobile devices with so many people working flexibly or from home.
Being aware of and concerned about these issues is part of the battle for IT professionals. Knowing about the risks and their impact means managing them and being prepared for the worst, which means implementing smarter, more innovative defenses.
That’s only a glimpse of the insights offered by these experts. In the full report, they detail other issues facing CISOs, including phishing trends, how to augment existing email security, and more.