2020 forced many organisations to completely change the way they work almost overnight. While remote working had been growing in popularity over the years, with companies looking to pluck from a wider talent pool, the COVID-19 pandemic greatly accelerated the shift to an online workforce. This left many unprepared and ill-equipped to navigate the change effectively.
Because of this cyber criminals found themselves in a particularly opportunistic position, with the ability to prey on organisations and their employees when they were at their most vulnerable.
The SonicWall Cyber Security Threat Report 2021
The SonicWall Cyber Threat Report 2021 documents the trends in cybercrime during 2020. Its findings can help an organisation better understand existing and potential threats and demonstrates how cybercriminals think. This can help organisations to create appropriate strategies to defend against such threats.
A ‘Perfect Storm’ For Cybercriminals
Speaking of the report, SonicWall President and CEO Bill Conner said “2020 offered a perfect storm for cybercriminals and a critical tipping point for the cyber arms race…The pandemic – along with remote work, a charged political climate, record prices of cryptocurrency, and threat actors weaponizing cloud storage and tools – drove the effectiveness and volume of cyber-attacks to new highs.
This latest threat intelligence offers a look at how cybercriminals shifted and refined their tactics, painting a picture of what they are doing amid the uncertain future that lies ahead.”
Here are the key findings taken from that report:
Ransomware hits record high
The effects of a global pandemic, combined with record highs in the price of cryptocurrency, drove ransomware to a staggering 62% increase globally.
Intrusion attempts rise
The number of intrusion attempts(the attempt to gain access to a device, network or system) in 2020 was 20% higher than in 2019, but year-over-year attacks in Europe nearly quadrupled.
Increase in ‘never-before-seen’ malware
The sooner new threats can be identified, the sooner they can be neutralised. SonicWall has, as per this report, identified 268,362 malware variants. A 74% year over year increase.
Malicious office files overtake malicious pdfs
New SonicWall data indicates a 67 percent increase in malicious Office files in 2020, while malicious PDFs dropped 22 percent. In 2019, cybercriminals preferred malicious PDFs and malicious Office files in roughly equal numbers. But in 2020, malicious Office files were the clear choice: They now make up more than a quarter of all malicious files.
Internet of Things (IoT) malware skyrockets
When the pandemic sent workers home, their unsecured personal devices were there waiting for them — and so were cybercriminals. Recognising the potential to use compromised devices for personal gain, attackers pushed IoT malware to a 66% increase.
What can we learn from the report findings?
Now we know the key findings, it’s time to assess what actions need to be taken.
It is abundantly clear that cybercrime is not going anywhere and, in fact, the potential for attacks continues to increase. The fact that only 25% of companies are confident they can respond to security incidents effectively, while 76% of senior decision makers worry that employees could expose their company to digital security risks is worrying and implies that cyber security policies and cyber security training needs to be brought to the top of the agenda.
The importance of cyber security training
For many organisations, cyber security training is deemed an annual or bi-annual requirement and not taken too seriously. In fact, according to a study, less than 10% of organisations have training programs available and just 45% of those who provide formal security awareness training make that training mandatory.
Unfortunately, occasional and optional training is not going to cut it in 2021 and beyond. If an organisation does not treat cybersecurity as an essential element of their business operations and instil it into their culture, then they can’t expect their employees to do the same.
It is so easy and affordable to train employees to negate cyber-attacks and apply this knowledge in their day-to-day job. Implementing a cyber security plan and protocols that include engaging and interactive trainings covering social engineering and other forms of attacks is the best way to arm employees with the tools and knowledge they need to identify or respond to a cyber threat.
IT security, while essential, is simply not enough anymore. The potential for human error is too big and so there needs to be a synchronicity between both the technology and the humans using the technology. The stats prove this with studies showing that cyber security risks are reduced by up to 70% when businesses invest in cybersecurity awareness training.
Remember it is not just money on the line here but reputation. As Stephane Nappo said “it takes 20 years to build a reputation and a few minutes of a cyber incident to ruin it”.
Get ahead and look into your cyber security requirements today. Contact our team at firstname.lastname@example.org or call us on +353 (0)1 818 3272. Our cyber security awareness training combines regular online training with simulated attacks and in-depth reporting to dramatically reduce the risk of your business falling victim to a genuine cyber attack.