The evolution of cyber attacks in the last two years
The pandemic resulted in more home office or remote work, which also means working from a Starbucks around the corner. This trend has shifted the focus away from classic perimeter security even more than the move to the cloud did a few years back.
It has also increased the variety of vectors used for attacks today, while simultaneously reducing the influence a security team has over the IT environment a person is working in.
Employees working from home in an environment with an outdated, unpatched router and dozens of cheap IoT devices from vendors all over the world, managing the room temperature or the water level of their cacti, are a security team’s nightmare.
It is not necessarily true that cyberattacks have evolved so much, but the potential vectors and the ability to control them have changed.
Lessons we can learn from the biggest cyber attacks in recent history.
One vector that hasn’t changed is email, which is an excellent example since it is the starting point in over 95% of all attacks.
Nevertheless, email security is still a huge issue, and the email security posture of Fortune 500 Companies (and most others) is scarily insufficient.
Even the most prominent email security vendors that claim to be specialists in their field are, in most cases, not up to the task.
The latest ransomware attacks, like those on the San Francisco 49ers, Opus Interactive, Cisco, Entrust, Rackspace, Colonial Pipeline, JBS, Kia Motors, Acer, or Accenture, have almost all started with an email.
In some of those cases, the processes and mechanisms to mitigate an attack of that type were just not good enough.
And to be clear, in some cases, no matter how suitable the methods and tools had been, they would not have been able to stop an attack of that sort.
What will cyber attacks look like in the future?
Cyberattacks are not changing that much at the moment. Why should they?
Email as a vector has been working for decades, and it is still the most preferred way of initiating a cyberattack.
Of course, the tricks, the deception, and the malware payload will keep changing, but it is still email. And the number of badly managed or unmanaged mail platforms in the world that are an easy target is mind-boggling.
And make no mistake, this is not an issue of self-hosted small and medium business email solutions but an issue for expensive hosted “professional” environments.
Two pieces of advice for organizations looking to avoid future cyber attacks:
- Cover the most significant entry points, mainly email and whatever other vectors your company has.
- Prepare for the fact that you’ll experience a breach, and for how to detect, mitigate and remediate such a situation quickly and effectively. It’s less about IF and more about WHEN a breach happens and, even more important, how you react.