This article is part of Panther’s new Future of Cyber Attacks Series which features interviews with cyber security experts, thought leaders, and practitioners with a goal of better understanding what organizations can do to prepare themselves for the future of cyber attacks.
The following is an interview we recently had with Yaniv Masjedi, Marketing, Aura.
We recently published an article on Aura blog titled: How To know If Your Identity Has Been Stolen where we share an alarming statistic: 47% of Americans experienced identity theft last year. If you think of that number – that’s a lot of people.
One of the biggest shifts that occurred over the last year was the growth in cyber attackers using manipulation to steal our private data. Research shows that Internet crime complaints soared by 69.4% in 2020, with the top three crimes reported being phishing scams, non-payment/non-delivery scams, and extortion.
A key reason for this increase is that cyber criminals recognize that as employees have moved their working lives onto their devices to collaborate, they’ve also moved outside of their organization’s perimeter defenses and are thus prime targets for fraud and phishing scams.
In many ways, by using our own devices to work from home, we’ve not only traded away our privacy but also our safety and our security. Our devices are now a bigger target for cyber criminals, who can attempt to manipulate us into giving up information with fake email and SMS messages.
Unfortunately, many organizations are struggling to get to grips with phishing and social engineering-style threats because traditional security solutions like antiviruses or network monitoring tools can’t detect them. The only way to detect them is by educating employees on the latest techniques, which requires consistent training.
The Dark Halo and Kaseya ransomware attacks showed that no organization is too big to hack. It doesn’t matter whether you’re a multinational corporation or a government department; if an Advanced Persistent Threat (APT) actor wants to gain access to your data, it’s a matter of if, not when.
More and more APTs are launching supply chain attacks, so they can gain access to a third-party service provider’s internal systems and steal the data of multiple organizations. This means organizations can no longer blindly trust third-party providers to protect their data, as every piece of information they hold is at risk of exfiltration.
The only way for organizations to defend against these types of attacks is to minimize third-party access to sensitive data and to use a mixture of continuous network monitoring and identity protection services to identify data leaks when they occur.
In the future, we’re going to see more cyber criminals begin to emulate the techniques and coordinated attacks used by state-sponsored APTs. The reason for this change is that many less skilled attackers will try and replicate the techniques used in “successful” APT attacks.
For example, when considering the techniques used in recent APT attacks like the Dark Halo and Kaseya breaches, it is likely that lower-level cyber criminals will start to use obfuscation techniques to avoid detection, so they have enough time to exfiltrate as much data as possible.
In addition, cyber criminals will start to use a wider range of techniques to break into target organization’s defenses, switching between manipulative phishing and social engineering attempts to brute force hacks, browser-based exploits, and cloud infrastructure modification.
Organizations looking to get ahead of cyber attacks need to develop a security strategy to protect interconnected devices from cyber criminals. At a high level, that means addressing human risk and increasing employee awareness of threats.
The CEO of Pango Group, owners of Hotspotshield VPN, Hamed Saeed recently put out a great video detailing the 5 Things Every Company Needs to Know About Data Privacy & Cyber Security with some practical tips:
The more users know about the risks of clicking on suspicious links or attachments, selecting weak passwords, and not updating devices, the more they’ll be able to avoid those behaviors that put themselves, their families, and their organization’s data at risk.
Steps organizations can take today: