Things you need to know about the next-generation cyber-attacks.

Businesses, industries, or even the world is becoming more digital and interconnecting more than ever, including the risks associated with a digital world. Digital services, processes, and systems are all a part of the bigger global cyberspace. Cyberspace is a complex environment where interaction between people, software, things, and services comes together.

Cyberattacks can affect a business, society, the economy, and even the world just as severely as the financial crisis of 2008 and the COVID-19 pandemic. The World Economic Forum is already warning to prepare for a cyber-COVID pandemic. The recent U.S. oil pipeline DarkSide ransomware attack that forced the shutdown of a major gas pipeline that supplies 45% of all fuel consumed on the East Coast is a clear warning to prepare for such an event.

Cybercrime and attacks are already an upcoming threat, but with COVID-19, it has become a significant problem for governments, corporates, small businesses, and consumers. Worldwide the ransomware attacks, for instance, soared and grew 485% in 2020 when compared to 2019.

In the Netherlands, there are 1.344 reported cases of breaking and entering. However, there are 1.896 registered cybercrime incidents reported. Research about the Netherlands shows that in 2018 63% of data leaks were caused by staff who passed data or send personal details to the wrong person. Only 4% is because of malware, phishing, or hacking attack.

Every organization is a potential target

Potentially every organization can be a target for cybercriminals. The sorts of targets can vary between countries or because of the difference in goals among cybercriminals. The top sector of the Netherlands is a target for industrial or economic espionage, and national governments are interested in political intelligence. Vital processes are a popular target for sabotage, and of course, wealthy organizations are a favorite target of cybercriminals that want to earn money.

Cyber-attackers shift focus to SMEs

There is a switch from big corporate organizations being the primary target and victim of cybercrime to increasing cyberattacks against small and medium-sized organizations.  

Security companies like EYE-Security have noticed a growth in attacks on SMEs.   

The SMEs that work with sensitive information are the initial target of cyberattacks. These types of ransomware attacks are a relatively new development in the cybercrime world. Job Kuijpers, CEO of EYE, said that this extortion method was hardly ever used before in SMEs; now, it is the standard form of attack.  

Organizations can serve as a steppingstone

Cybercriminals also attack organizations to get access to the data of other organizations. An organization that is a global supplier with massive personal data storage is an ideal target. 

These concerns, for example, suppliers of hardware and software, vital processes, such as those of telecom companies, or organizations that collect and process personal data on a large scale, including medical and employee data. 

Criminals actively search for weak links in business chains as a steppingstone to (more) attractive targets. Sectors or organizations that seem to be of no interest for direct attacks can still prove valuable to obtain an entry position to attack another primary target. 

The secondary targets are a threat to your business because of gaps and vulnerabilities in their processes and systems —for example, system failure due to technicality, unpatched servers, or unintentional/ intentional error by employees.  Employees are a considerable security risk, 90% of the data breaches in 2019 result from human error. The years before, employees accounted for 61% and 87% of the data breaches.

On top of all the reasons why relatively small organizations are a target, they need to level up their security to keep up with the fast and continuous developing cyber-criminals.

The fifth generation of cyber-attacks

Now, the 5th generation (Gen V) of cybercrime is fully developed. This generation of sophisticated multi-vector attack types can hit network, endpoint, mobile, and cloud environments as part of well-coordinated campaigns, which is significantly more disruptive than the traditional virus attacks because of their enormous impact. Also, cybercriminals specialize in different areas of the cybercrime market. Specialized criminals are another reason why cybercrime progresses at a much faster rate. Inexperienced criminals can almost immediately get to work because all the tools are easy to access, even including support or offering attack as a service.

Some examples of this specialization mentioned by KnowBe4 are:

  • Cybercrime has its own social networks with escrow services
  • Malware can now be licensed and gets tech support
  • You can now rent botnets by the hour for your own crime spree
  • Pay-for-play malware infection services that quickly create botnets
  • A lively market for zero-day exploits (unknown vulnerabilities)

Many organizations’ security levels are lagging and are at the 2nd and 3rd generation maturity and struggle to keep up with today’s attacks’ sophistication and development speed.

In the next 8 to 15 years, quantum computing will threaten our security system based on the applied public key encryption algorithms. Quantum computers can potentially undermine the whole security system, the economy, communications, transportation, banking, energy, and other critical systems. For the time being, criminals can copy and store sensitive encrypted data for decryption in the future by quantum computing.  

Five measures for better protection

Most organizations are protecting themselves with generation 2 and 3 security measures. For these organizations, it is time to step into the fifth generation of security. Below are five guiding principles that will help in the process to defend against the 5th generation cyber-attacks:   

  1. Real-time threat prevention: defend your organizations from attacks with real-time threat prevention so you can act before the actual infiltration of your organization.
  2. Consolidated security system: simplify complexity resulting from gaps and fragmentation from point solutions to prevent your organization from complex cyberattacks effectively. And reduce the cost of remediation.
  3. Single pane of glass: a central security management environment that manages and monitors all integrated security components and responds to all security activities and events as a single, unified security system.
  4. Up-to-date threat intelligence: collect and share threat intelligence in real-time throughout the system to prevent zero-day attacks. Threat intelligence must cover all attack surfaces, including cloud, mobile, network, endpoint, and IoT.
  5. Security awareness training: Turn your employees from your biggest security risk into a line of defense with security awareness training by providing them with the required knowledge and essential guidelines to identify and respond to cyber threats.

With these precautions, you will make it more challenging for hackers and cybercriminals to find a weak spot in your organization.

Want to read more information like this? Subscribe to our newsletter!

We will send you the latest news and updates straight to your inbox. And we promise not to spam you. ​

Don't miss any updates

Want to know more about this blog topic?

Our business sparring service is a great way to discuss your ideas and challenges to support your decision-making processes.

Related Posts

Maurice Remmé

Unleashing Leadership Potential: Navigating the Journey from Product Manager to Product Management Leader in Managed Services

Embark on a transformative journey from Product Manager to Product Management Leader in the managed services industry. This comprehensive blog post provides profound insights and strategies for success. Explore topics such as leadership transformation, essential tools, fostering growth, the power of diversity, strategic vision, collaboration, team performance, building a strong product culture, stakeholder relationships, and future readiness. Chart a course to leadership excellence and ignite an online discussion.

Read More »
Maurice Remmé

How to Develop Strategic Objectives and Strategic Focus Areas

Creating a strategic plan for a business is a challenging task, but it is an inevitable part of building a successful enterprise. A business without a well-laid-out strategic plan finds itself struggling to recover in times of crisis. On the other hand, as long as you have a plan, you have direction. To create a strategic plan that is easier to implement and stick to, you need to specify your strategic objectives and strategic focus areas. These are the pillars on which your strategic plan is built.

Read More »
Maurice Remmé

Successful Strategy Execution: What’s the Secret?

Almost all businesses have corporate, functional, or business-level strategies. To formulate the required strategies requires the allocation of a considerable amount of effort, money, and time. This investment can be wasteful if the implementation of the strategy is ineffective or wrong.
While the objective to define the company’s strategy and pursue it by making the right resource-allocation decisions sounds simple, most companies struggle with execution. However, flawless strategy execution is the critical factor that determines whether a business succeeds or fails.

Read More »