3 cybersecurity trends to watch

Businesses are seeing a 50% increase in cyberattacks per week. That’s according to a report from Check Point Research, where companies reported a bump in cyberattacks during 2021. The increase is in line with a year-over-year trend of increasing attacks. Though 50% is a staggering figure, it is only 13% higher than Check Point’s 2020 findings.

While the finding of the Check Point Research report is unfortunate, it is not surprising to those working in the IT security space. Since the onset of the COVID-19 pandemic, businesses have been increasingly vulnerable to attacks. As the attack surface expands with the adoption of new technologies and processes—such as connected OT, IoT devices, and migrating networks to public and private clouds—companies are struggling to keep pace with security measures that account for myriad ways an attack can occur. 

To help you better assess your security posture, we’ve broken down the three trends we think are most important to watch. 

Phishing is getting more sophisticated

Despite being one of the oldest attack vectors, phishing continues to evolve. And it has proven to be successful. Many breaches are the result of a successful phishing campaign—36% of attacks in 2021, according to the Verizon Data Breach Investigation Report. And that number is likely to rise, as the Anti-Phishing Working Group reported its highest level of attacks in the first quarter of 2022. 

While spoofed emails are perhaps the best known, attackers use a variety of mediums to trick people into giving up their passwords and financial data. Smishing and vishing scams have seen a stark increase over the last year. At the same time, companies are also targeted on social media on average three times a day. Given the data around phishing, it seems clear that this tactic will only increase in scale and sophistication.

In fact, exploiting human error is the most successful way for attackers to gain access to a company’s network and data. The Verizon report mentioned above found that 85% of breaches were the result of “the human element,” which Verizon defined as the use of stolen credentials, phishing, exploited vulnerabilities, botnets, and other vectors where the ultimate downfall could be attributed to the fallibility of an employee. 

With that in mind, it’s crucial to consider cybersecurity as a business initiative. Organizations need to empower and educate their non-IT colleagues on the importance of cybersecurity and the signs of a phishing attempt. Even with that education, though, companies should prepare for a successful breach. 

Attackers are becoming more difficult to detect

Here’s an alarming statistic: cybercriminals can penetrate 93 percent of company networks. That’s according to research done by Positive Technologies. As the stats in the previous section show, attackers don’t need to rely on brute force techniques to enter a network if they can get credentials by exploiting human vulnerabilities.

Once on the network, a savvy hacker will try to make all their actions look normal. And the data shows that they are incredibly good at it. According to a study by IBM and the Ponemon Institute, it takes an average of 287 days to detect a breach.

An attacker can hide their activity in a variety of ways. They may abuse trusted programs, use common channels and protocols to encrypt their traffic—or move slowly and in ways that avoid notice. Additionally, cybercriminals may use AI/ML to aid their stealth operations. In some cases, this may mean delaying the execution of a piece of malware for a period of time. Or it may mean that malware learns as it goes, getting better at avoiding triggers. 

As attacks become more sophisticated, businesses will have to make tough calls. For instance, how much cyber risk are they willing to take? They will also need to create a layered approach to threat detection. And they will want to select tools that offer sophisticated ML capabilities that can spot unusual behavior and correlate events to a single incident.

Attacks are going to be more damaging

Financially speaking, a cyberattack can cause a lot of damage to a business. The IBM and Ponemon Cost of Data Breach 2022 report states that the average cost of a data breach is $4.24 million, up 10% from 2020. Breaches that took longer than 200 days to be found and contained cost about $1.2 million more. The average cost per compromised record was $161. And businesses that experienced a breach lost about 38% of their overall value.

Aside from financial damage, attacks can also disrupt day-to-day life for people outside of the business, create economic uncertainty, and put lives at risk. The Colonial Pipeline ransomware attack, despite the scale of its impact, was not a particularly sophisticated attack. If the attackers had intended to disrupt the OT systems and lock out employees from the pipeline’s operational networks, the attack might have been far more destructive. Attacks on Ukraine’s power grid and on a petrochemical facility in Saudi Arabia give an indication of the type of damage possible.

This trend is likely to continue as more nation-states use cyber warfare. But large enterprises are not the only companies that need to worry. Any business could be a target for cybercrime. And according to the US National Cyber Security Alliance, 60% of small businesses that suffer a cyber-attack go out of business within six months.

Cybercriminals continue to evolve their attack methods, exploiting vulnerabilities before companies can recognize them. To compound the problem, many security tools are too niche, focusing on protecting one section of your IT infrastructure. And the utopia of a single security solution has yet to be realized. Building a strong posture is possible, though, and you can do it without breaking your budget. 

An NDR solution, like Plixer’s, provides immense value in a package that is easy to deploy and manage. Because it monitors all network activity, reveals suspicious behavior, and alerts you to threats, your security team can better investigate and respond to threats that bypass other tools. Learn how to better protect your network here.