As the COVID-19 pandemic rages on, cybercriminals and nation states are crafting their attacks to take advantage of the news cycle and the weakened defenses of a dispersed workforce.
This uptick in cyberattacks is coupled with a hacking community that is growing more advanced by the day, with new tools and elegant attack methods that are increasingly hard to defend against.
Now, cybersecurity is no longer an option, says Amelia Paro, channel development manager at ID Agent, a dark web monitoring solution.
Paro, a speaker at the ASCII Group’s MSP Connect virtual event, said cyberattacks have increased by 600% since the start of the pandemic, and 90% of successful attacks that resulted in data breaches were conducted with a phishing email.
“Those are staggering numbers,” Paro says. “They’re terrifying, but it really illustrates the fact that security, compliance and zero trust are no longer an option.”
Organizations need to take their cybersecurity seriously, especially since the U.S. Department of the Treasury recently issued an advisory that warns companies could face penalties if they actually pay a ransom to an entity that jeopardizes U.S. national security.
Attacks are becoming much more sophisticated and are often difficult to identify, Paro says. Malicious emails are now crafted to imitate legitimate sources.
For example, cybersecurity experts have been warning about suspicious emails with coronavirus-related subject lines or profess to come from the U.S. Centers for Disease Control or other public health organizations.
Hacking is essentially accessible to anyone that wants to try their hand at it, since ransomware kits and other tools are readily available on the dark web.
“It’s even easier for threat actors to perpetuate cybercrime and literally get paid to do nothing,” Paro says.
This underscores why cybersecurity needs to be the driving factor behind any technology decisions an organization makes, including when hiring for internal IT positions and selecting a managed service provider (MSP).
Any good MSP should be able to tell you in detail about those security threats and what the firm is doing to secure its own internal networks – and in turn, yours.