As the world becomes increasingly digitised, the onslaught of cyberattacks hasn’t gone unnoticed. In the 2020-21 financial year, the Australian Cyber Security Centre (ACSC) reported a 15 per cent increase in cybercrime reports, citing ransomware as one of the most significant threats to organisations.[1] Fortinet’s 1H 2022 Global Threat Landscape report cited 10,666 ransomware variants across the platform over the past six months, compared to 5,400 in the previous six. The rise in persistent threats is a cause for concern as cybercriminals swarm organisations with substandard security measures in place.
Given the number of connected devices is expected to grow over the next few years, it’s unlikely that cyberthreats will slow down anytime soon. Organisations that haven’t invested in proper cybersecurity solutions are at a significant disadvantage and open themselves up to reputational damage, financial loss, and even severe legal penalties due to negligence and breach of compliance with regulations.
This creates a significant opportunity for the channel to work with customers to improve and prioritise cybersecurity. The time for complacency is over and businesses must reconsider their current approach and align business goals with cybersecurity needs to reduce risk. There are three critical reasons why your customers must prioritise their cybersecurity now:
1. Cybercriminals thrive and continue to evolve in times of uncertainty
Amid global economic uncertainty such as global recession concerns, businesses often reassess their budgets and look for areas to cut back. For some, this means reducing cybersecurity programs and relying on outdated cybersecurity tools. However, cybercriminals thrive on disruption and are exploiting current economic conditions to increase their attacks, and are especially targeting businesses with ageing legacy systems. In fact, most cyberattacks are successful because they leverage the technical weaknesses of a business’s cybersecurity defence system that are the result of legacy software and hardware still in use. Investing in powerful cybersecurity software tools will equip businesses with robust defences that can protect both employees and customers against cyberthreats. By maintaining good cyber hygiene, businesses can also minimise the risk of operational interruptions, reduce data loss or compromise, and improve their overall security posture.
Staying on top and getting ahead of cyberthreats is easier said than done. Adversaries are constantly evolving, testing, and changing their strategies to achieve their mission in targeted environments. As more endpoints connect to the internet, the attack surface increases and gives cybercriminals multiple entry points to attack. To understand how to optimise cyber defences, it’s important for businesses to identify the behaviour of adversaries and the tactics, techniques, and procedures (TTPs) associated with them. Efforts such as the MITRE ATT&CK framework help provide information about threats and threat actors, including how to classify and mitigate those threats.
2. Hybrid work is here to stay
Remote and hybrid work models are likely to extend into the foreseeable future, which will continue to present significant cybersecurity challenges. Today, the lines between personal and corporate networks are blurred and threat actors are looking to exploit that. Cybercriminals can access work servers and cloud services via phishing emails, weak passwords, and unsecured home devices. Businesses must rethink their edge security strategy by taking a zero trust approach that is designed to keep networks secure even while workers are operating outside of the organisational architecture. This level of security will continue to protect and secure increasingly distributed networks and reduce the risk that comes with outdated technologies.
3. Ransomware variants are expanding
The number of ransomware variants has nearly doubled in six months making ransomware an increasingly troubling issue.[2] The attacks are becoming not only more sophisticated but more aggressive with attackers introducing new strains and updating old ones. The cybercriminals responsible for ransomware attacks are also improving their evasion techniques, calling for a higher level of cybersecurity to protect against these advanced strikes. The best way to protect against ransomware is a proactive approach which would include real-time visibility and remediation, with zero trust network access and endpoint detection and response.
Putting cybersecurity first
Digital transformation is redefining how businesses operate and deliver value to customers. However, it also increases the risk of threat actors exploiting gaps or weaknesses in network security. Therefore, it’s crucial for organisations to minimise their attack surface by implementing zero trust policies and decreasing the number of ways cybercriminals can enter a network or device.
However, businesses must first understand the current threat landscape to find out where attacks are coming from and who is leading the attack. Demystifying the threat landscape will help businesses anticipate risk, determine the likelihood of an attack, and understand the resulting impact when, not if, an attack occurs.
To learn more about the top threats during 1H 2022, download Fortinet’s latest 2022 Global Threat Landscape Report.
[1] https://www.cyber.gov.au/acsc/view-all-content/reports-and-statistics/acsc-annual-cyber-threat-report-2020-21
[2] https://www.fortinet.com/blog/threat-research/fortiguard-labs-threat-report-key-findings?utm_source=PR&utm_medium=PR&utm_campaign=threatreport