David Keating
Group Security Sales Director

Everyone is talking about cybersecurity at the moment. It’s rare to get through a week without a high-profile brand or business falling victim to a cyberattack. New regulations and frameworks are being introduced to help businesses grapple with a changing threat landscape, while changes to how employees work, use devices, and connect to networks mean organisations are faced with new and evolving threats that challenge their existing security defences. At times, it can feel like an onslaught.

At DataSolutions we’ve been closely monitoring the trends in cybersecurity. We’ve also been thinking a lot about how our vendors and partners have been utilising the best in cybersecurity technology to protect businesses from attacks. Here we’ve put together a short guide to four of the most critical cybersecurity trends, with recommendations from our team for how to tackle some of the most challenging threats of today.

Phishing

Changes to how we work have necessitated a reliance on several web-based tools such as Office 365, Zoom, Microsoft Teams, Slack, Dropbox and G-Suite. This has been a major departure from the traditional methods of pre-pandemic working, which centred primarily on on-premise email and face-to-face meetings.

As the tools we work with have changed and become more numerous, social engineering attacks are becoming more sophisticated, and attackers are using increasingly novel ways to successfully trick their targets into giving over critical information or data. While email still remains especially vulnerable to phishing attempts, businesses must now secure all their business communications across all web-based collaboration tools.

In the current threat landscape, it’s not enough to rely on the standard, built-in security tools on offer from Microsoft and Google. The goal of a phishing attack is to trick users into clicking on a link that downloads some malicious content. Traditionally this was done via email, but new(ish) collaboration tools like Zoom or MS Teams are increasingly being used. So a security platform that specifically protects against phishing threats in email and collaboration tools is a must-have, and with this in mind, businesses must include protections for all web-based tools as part of a wider cybersecurity strategy. Thankfully, the security solutions are already out there.

Leveraging the power of artificial intelligence, Check Point Harmony Email & Collaboration stops the most sophisticated phishing attacks before they reach a user’s inbox. Harmony Email & Collaboration sandboxes all incoming files and links to detect known and zero-day threats. Its AI technology analyses the content of emails, scanning for hundreds of phishing indicators in every message and blocking even the most advanced phishing attacks across all business communications before they’ve reached a single user.

Ransomware and malware

Phishing often leads to ransomware and malware, which remain one of the biggest threats to organisations, with over 400,000 new malicious files detected every day. All too often, businesses discover that their devices have been infected or their critical data have been compromised only after an attack has taken place.

It’s difficult to stop everything getting in, especially in large organisations. Businesses can do all the security training in the world, but malicious links will still be clicked on and devices can still be infected with malware and ransomware. Fortunately, there are technologies businesses can use to defend themselves, taking a proactive approach to their cybersecurity strategies and minimising the risks of malware and ransomware.

How many people have fallen victim to an attack, only to later find themselves thinking, “If only I hadn’t clicked on that link or opened that file?” Well, with the rollback capabilities of Check Point Harmony Endpoint, users can do just that: endpoints can be restored to their pre-attack state, working in a similar way to Apple’s Time Machine. This is the technology that businesses require for those times when devices do get infected and data is compromised.

Distributed Denial-of-Service (DDoS) attacks

A DDoS (Distributed Denial of Service) attack is an attempt to overwhelm a targeted system, network, or website with a flood of traffic from multiple sources. This flood of traffic typically comes from a botnet which is made up of thousands, or even millions, of compromised devices such as computers, servers, and IoT devices that have been infected with malware or other malicious software. The objective of a DDoS attack is to render the targeted system or website unavailable to its users.

There are several types of DDoS attacks including volumetric attacks, which flood the targeted system with a massive amount of traffic, and application layer attacks, which target specific applications or services on the system. DDoS attacks can also be categorised as network-layer attacks, transport-layer attacks, or application-layer attacks, depending on the network stack layer that they target.

The risks posed by DDoS attacks to organisations can be severe. One of the most significant risks is the potential loss of revenue due to downtime. If a website or online service is unavailable, customers may be unable to make purchases or access their accounts, resulting in lost sales and a damaged reputation. Additionally, DDoS attacks can be used as a smokescreen to distract security teams from other attacks, such as data breaches or malware infections.

If attackers are successful in overwhelming a system or network, they may be able to exploit vulnerabilities or gain unauthorised access to sensitive data resulting in potential data theft, identity theft, or other types of cybercrime.

To mitigate the risks posed by DDoS attacks, organisations should have a comprehensive cybersecurity strategy that includes measures such as network segmentation, traffic filtering, and access controls. Additionally, DDoS protection services such as those provided by Vercara (formerly Neustar Security) can mitigate the effects of a DDoS attack. Vercara has built a dedicated 15 Terabyte scrubbing network that absorbs all DDoS attack traffic in real time, letting businesses carry on as normal. By taking these measures, organisations can help to protect themselves from the potentially devastating effects of a DDoS attack.

Regulatory frameworks

The Network and Information Security (NIS) Directive was the first piece of EU-wide legislation on cybersecurity. Its successor, NIS2, is due to come into effect in October 2024. While NIS originally covered a smaller range of industries, including banks and healthcare firms, the new directive is much broader. Businesses and organisations within a wide range of industries, including food manufacturing, courier services, public administration, social networks, public communications and network services, will need to comply.

What are the key changes?

  • Increased scope: As outlined above, the NIS2 Directive extends the scope of the previous NIS Directive to include many additional sectors, such as digital infrastructure, various types of manufacturing, public sector, data centres and online marketplaces. This means that a broader range of organisations will now be required to comply with the Directive's requirements.

  • Stronger cybersecurity requirements: The NIS2 Directive sets out stronger cybersecurity requirements for organisations that fall under its scope. These include mandatory security incident reporting, the implementation of security measures based on risk management, and the appointment of a security officer.

  • Strengthened enforcement and penalties: The NIS2 Directive introduces strengthened enforcement mechanisms and penalties for non-compliance. This includes increased fines, up to €10 million or 2% of the organisation's global turnover, and the ability for national authorities to order the suspension or limitation of an organisation's activities.

  • Cooperation and information sharing: The NIS2 Directive emphasises the importance of cooperation and information sharing between member states and competent authorities. It establishes a framework for cooperation among national cybersecurity authorities and promotes the exchange of best practices and information.

  • Harmonisation with other EU legislation: The NIS2 Directive is designed to be consistent with other EU legislation, such as the General Data Protection Regulation (GDPR). This means that organisations that comply with one piece of EU legislation will likely comply with others as well, making it easier for organisations to achieve compliance across multiple areas.

Overall, the NIS2 Directive represents a significant step forward in strengthening the cybersecurity of the EU and its member states. By introducing stronger cybersecurity requirements, enforcement mechanisms, and cooperation frameworks, NIS2 seeks to enhance the protection of critical infrastructure and online services against cyber threats.


We’ll be working with partners closely over the coming months to understand the new directive. We’re encouraging our reseller partners to push out the latest information on NIS2 to all the businesses they work with who will be affected by the directive. The DataSolutions team is here to support our partners and their customers with NIS2.

Look out for our in-depth feature on NIS2 coming soon.
