A new security report has revealed some alarming trends.
The biggest takeaway is that cyber-attacks are becoming faster than ever. Breakout times (that’s the time it takes for a criminal to move within your network after first getting in) have dropped significantly. We’re talking an average of just 62 minutes compared to 84 minutes last year.
This is not good news.
Not only are these attacks faster, but they’re also becoming more common. The report has identified a whopping 34 new cyber-criminal groups, bringing the total to over 230 groups tracked by the company.
And guess what? These cyber criminals aren’t sitting around twiddling their thumbs. They’re getting smarter and more sophisticated. The report highlights a new record breakout time of just two minutes and seven seconds. That’s barely enough time to grab a coffee, let alone mount a defense.
But here’s the real kicker: The human factor is increasingly becoming the main entry point for these cyber-attacks.
They will try to get your people to click a link in a phishing email, which will take them to a fake login page. Once your employee enters their real login details, they have inadvertently handed them over.
Or they pretend to be someone your team trusts. This is called social engineering.
The fact is that this can happen to you. Our clients have been reporting an increase in phishing attempts with the targets always trying to get their money. Cash and gift cards, Western Union, wire transfers and lastly ransomware. Ransomware has dropped off but once these criminals get into your network or your Google Workspace or Microsoft 365 they can access your email, your calendar, your OneDrive, any SharePoint data you have access to. They can then take their time and learn who they need to target and for what. Trust me, we’ve seen this.
So, what can you do to protect your business from these cyber threats?
Educate your employees
Make sure your team is aware of the latest cyber threats and how to spot them. Regular training sessions can go a long way in preventing costly mistakes. Having these on autopilot will make sure they don’t get forgotten either. Repetition is key.
Don’t install non-essential apps on your cellphone
Compromised apps (or even fake ones) can give access to your microphone, camera and all the data, apps and sites you store or visit on your phone. We’ve seen this type of attack work on company and personal phones and have assisted clients and their staff with compromised cellphones.
Implement strong password policies
Encourage the use of complex random passwords generated and remembered by password managers. Use multi-factor authentication for an added layer of security (this is where you use a second device to confirm it’s really you logging in). Don’t save your login information in a spreadsheet, text document or phone or email contacts. Don’t use the password manager built into your favorite browser either. It’s the first place the criminals check.
Keep your systems updated
Make sure all software and systems are up to date with the latest security patches. Cyber criminals often exploit known vulnerabilities, so staying current is key.
Invest in cyber security software
Consider investing in reputable cyber security software that can help detect and mitigate threats in real-time (we can help with this).
Backup your data
Regularly backup your data and store it in a secure location. In the event of a cyber-attack, having backups can help minimize downtime and data loss.
When it comes to cyber security, it’s better to be safe than sorry. If we can help you to stay better prepared, book a discovery call or get in touch.