Building Smart Defenses Now Will Help You Defeat Tomorrow’s Monsters of Cybersecurity
Nothing stays the same forever, especially in IT. After all, security companies aren’t the only players in the cybersecurity landscape that have a vested interest in innovation. With each new security development, cybercriminals are ready to make a counterstrike to bypass new defensive tools. As technology changes and tumultuous events rock the world, the cybersecurity threats that businesses face will continue to evolve too, growing and changing into a new breed of monster for IT teams to fight.
This post is excerpted in part from our scary good eBook Monsters of Cybersecurity.
There’s Trouble Ahead
While it isn’t possible to really determine the course of cybersecurity events in 2022, a few key indicators can point prudent defenders in the right direction, allowing them to establish defenses that can stop the next generation of monsters before they strike. These five growing threats are sure to feature in future cybersecurity horror stories.
Aggressive Nation-State Threat Actors
Recent attacks on infrastructure targets as well as government and business strikes have spotlighted the danger that an increasingly connected world faces from cybercriminals with nationalist motivations. This category will continue to grow, especially around malware like ransomware, the most commonly used tool of nation-state cybercriminals.
Growth in Brand Impersonation
Businesses are doing more online than ever before, creating a veritable flood of business email, especially corporately branded email from companies like Microsoft, the top brand impersonation target. Cybercriminals aren’t wasting any time cashing in on the new opportunities that flood produces, especially spoofing. As much as 80% of all spear phishing includes brand impersonation.
Abundant Ransomware Variants
One of the fastest-growing areas of cybercrime is ransomware. Cybercriminals know that this attack can net them a fat profit fast. They’re also innovating to create ransomware variants that can make them even more cash, like double extortion ransomware, which encrypts data and systems in one attack, allowing bad actors to solicit two ransoms. It accounted for 50% of ransomware attacks in 2020.
The average ransom amount doubled over the last year. A recent Tripwire report declared that the average ransom paid by organizations has increased by 82% over the already huge demands logged in 2020. The average demand is now a record $570,000 (£414,000), compared with just $170,000 (£123,000) in 2020. A recent record-breaking ransomware demand against Acer reportedly hit $50 million. ENISA researchers agreed that ransoms have skyrocketed, observing that over just a few months of their tracking, the highest demand made in 2020 more than doubled in 2021.
A Phishing Tsunami
One of the most likely ways for your business to become the victim of a cyberattack, especially one that ends in a data breach, is phishing. Phishing risk has been constantly rising since March 2020, and it shows no signs of slowing down. In fact, phishing risk was up almost 300% over 2020’s record-breaking numbers in May and June 2021. That means that phishing is on track to notch record-breaking growth numbers again in 2021, and that’s bad news for every business. More than 80% of reported cyberattacks are phishing.
Horrors Lurk Around Every Corner – Be Prepared for Trouble!
Security awareness training will reduce an organization’s chance of a cyberattack while building a strong security culture that keeps risk in check. As long as you’re consistent about training every employee at every level, security awareness training wards off many monsters.
Don’t be haphazard – a Usenix study showed that security awareness training is forgotten over time. Test subjects were trained once and retention tested four, six, eight, ten, and 12 months later, and the results were unequivocal – the longer they went without training, the worse they performed.
Security awareness training has a great ROI. Companies under 1,000 employees can see an ROI of 69% from a training program and an estimated 562% for organizations with more than 1,000.
A UK study showed that at the beginning of training, 40 – 60% of employees are likely to open malicious links or attachments. However, consistent cybersecurity awareness training made a huge difference in those employees’ behavior. In follow-up testing, after about 6 months of training, the percentage of employees who took the bait dropped 20% to 25%. Further training produced a steeper drop. After 3 to 6 months more training, the percentage of employees who opened phishing messages dropped to only 10% to 18%.
What’s That Scratching at the Gate? Keep the Doors and Windows Locked.
Secure identity and access management helps ensure that you only let the right ones in. A foundational element of zero-trust security, maintaining tight access control makes it harder for the bad guys to slip in unnoticed to strike your organization even if they have help inside.
Head potential recycled or shared password disasters off at the pass. About three-quarters of employees reuse work passwords for their personal accounts, and that creates a weakness for your business that cybercriminals are happy to exploit.
Reduce your risk from credential misuse, including misuse by malicious insiders. Approximately 60% of data breaches involve improper use of credentials.
Make it easy for everyone to safely handle and manage passwords to reduce mishandling. More than 40% of organizations still rely on sticky notes for password management.
Don’t Let a Cyberattack Sneak Up on You – Keep an Eye on Potential Threats
The dark web is home to a dangerous shadow economy perpetuated by villains. It might also be home to your company’s stolen credentials. Watching out for unexpected nasty surprises coming from the dark web is a smart idea.
An estimated 65% of the information that is on the dark web, like password dumps and compilations of stolen user files from past cyberattacks, can be used to damage businesses.
Cybercrime has a low barrier to entry and the cybercrime-as-a-service economy is booming, tempting both cybercriminals and disgruntled employees into making a quick buck at your company’s expense.
Monster Hunting Tips
Make it a goal to increase your organization’s cyber resilience in order to keep systems and data safe from unexpected risks like a cybercrime surge, a zero-day threat or other chaotic world events.
Review your entire security buildout with an expert to make sure that you’re not missing anything. Even the smallest crack in your defenses is big enough for cybercrime to slip through!
Prioritize building a strong cybersecurity culture. When everyone feels like they are part of the security team, everyone will be more inclined to do their part to spot and stop threats like phishing.
Establish a strong password policy that discourages reuse and recycling and encourages using a password manager instead of sticky notes.
Clearly communicate that no one will be fired for reporting a potential security incident immediately and that it is okay to ask for help around security topics without penalty.
Never use security awareness training as a punishment for employees who make security mistakes or single out people who have made errors in meetings and emails.
Emphasize with employees that they should never, ever share their password with anyone else (even someone in the company) or store their password unsafely.
Employ security automation whenever it is possible to lower incident response times and reduce alert fatigue for the security team while lowering security and incident costs.
Make sure that everyone from the interns to the C-suite knows how to handle email safely and how to inform the correct people if they have a question or problem.
Require everyone at every level to complete regular cybersecurity awareness training, no exceptions. Attacks like BEC are more likely to happen to executives, but phishing targets everyone.
Create and test incident response plans for cyberattacks in order to improve incident response time, reduce cost and make sure that everyone is on the same page if the worst happens.
Add the Right Protection to Ward off the Monsters of Cybersecurity
The cybersecurity landscape grows darker and more terrifying every day. Are you ready for trouble? It’s time to create a plan to ward off the next generation of Monsters of Cybersecurity, and ID Agent can help.
BullPhish ID takes the pain out of security awareness training for everyone. Choose plug-and-play or customized security and compliance training with videos and testing perfect for employees with any level of tech knowledge presented in bite-sized pieces with no “geek speak”.
Passly is the guardian that every business needs. Not only does it feature MFA, SSO and other tools that help maintain security and compliance today, Passly also ensures that a zero-trust framework is within reach to set every organization up for compliance success in the future.
Dark Web ID is the ideal dark web lookout for every company, giving executives and IT teams the peace of mind that they need to be confident that there’s an expert on the job who will alert them to stolen credentials fast, before the bad guys have a chance to notice them.
Contact us today to get started. ID Agent’s solutions experts are ready to help you protect your business and your clients with strong solutions that are both effective and cost-effective, giving you peace of mind about cybercrime.