Email cyberattacks account for most losses in modern businesses. Even as organizations are improving their cybersecurity efforts can still lag evolving threats. What’s been trending lately in cybersecurity developments?
Despite the advancement of automated software vulnerabilities and exploit kits, most cyberattacks still require some form of human action to validate. Email remains the largest channel for these attacks, based on a recent report by Proofpoint:
“Cyber criminals continue to refine techniques that target people rather than infrastructure, with attacks that rely more on human interaction and less on automated exploits. Social engineering is pervasive, whether in rampant sextortion schemes, business email compromise (BEC), credential phishing, or other attacks that prey on human nature – and human error.
Even though cybersecurity awareness has grown in recent years, many organizations in the financial industry struggle with new attacks. Drew Kilbourne of Synopsys summarizes from his company’s report on theories that these FIs need to increase their focus on third party software during threat assessments:
“When you dig into the report, you see that one of the big gaps across both big banks and small banks is third party software. So, people are not dealing with their third-party software risks well. They do a lot of third-party assessment, but it usually includes evaluating if you have locks on the door or if your firewalls are up, if you do background checks on employees, things like that.”
New devices are connected every day, ranging from computer devices to smart tablets, wireless home managers, etc. However, each new device can be targeted by malicious actors. Aaron Vick of Forbes notes that, while most smart home devices don’t contain sensitive personal data, there is still risk from ransomware attacks:
“There's a lot of potential damage that could be caused by hackers who decide to target power grids or communications devices. If this happens, and they demand that the victim pay the ransom, attackers could choose to shut down the system on them. They could go a step further and target factory lines, hurting manufacturing. Once connected to a network, they could turn their ransomware loose on all types of different devices.”
Several methods to combat these emerging threats are in early experimental stages. However, there is enough proof-of-concept work to see them expanded in the coming years. Alison DeNisco Rayome of TechRepublic describes a few of these new methods, referenced from the CB Insights NExTT study, including zero-knowledge proofing:
“Zero-knowledge proofs represent a breakthrough in data privacy, allowing multiple parties to confirm that they have knowledge of confidential information, without actually revealing that information, according to the report.”
Read more on the topics of cybersecurity and how to protect your organization from fraud.