It seems every year cybersecurity criminals learn new tricks and traps, as they continue to probe systems and find weaknesses in both software and users. While it’s not possible to predict every new route of attack, much can be learned from previous actions. In the case of cybersecurity, three key lessons can be drawn from 2018’s events, according to SC Media:
- Accounts are becoming a more important target – credentials represent the goal of many cyberattacks, as they allow the hackers to then use what appears to be a legitimate account for further probing of systems or for trying to trick others to transfer funds to the compromised accounts. Targeting of executive accounts in particular is on the rise.
- The emphasis of cybercriminals has shifted from profit via theft and resale to direct profit – rather than stealing information and attempting to find a buyer, cybercriminals are instead emphasizing ransomware attacks, or direct extortion attempts, in which the victim pays them directly.
- The classics remain classics for a reason – while new approaches are in use, traditional phishing attacks remain popular, as do trojan attacks. While not as effective as they once were, due to increased user education, they remain cheap to launch, and only require a very small hit rate to be effective.
Any developing IT plan needs to keep in mind the approaches used by cybercriminals, in terms of both the technology necessary to block the attacks, and the training to ensure company employees don’t fall victim to whatever isn’t blocked.
