Written by Sarah Keane, collaborator.
The world has arguably never been more vulnerable to cybercrime.
Precipitated by the 2020’s Covid-19 pandemic, the global workforce has seen a massive shift to remote and work from home models, a change that many People & Culture experts say is here to stay as employees increasingly demand flexible and hybrid work options.
We store more data in the cloud than ever before and rely on the internet to keep the wheels turning smoothly every day; from shipping and logistics to e-commerce and every sector in between, our lives and businesses are increasingly digitised.
Hackers have accordingly stepped up the threat level. Savvy cybersecurity in 2021 and beyond involves more than just good digital hygiene practices; it meets the threat levels with the right tools. Here we look at three key internet security threats and prevention measures.
1. Cloud vulnerabilities
Courtesy of the pandemic, there has been a 50 percent increase in cloud computing across all sectors and industries, according to a McAfee report. The shift has piqued the interest of hackers; 7.5 million attacks on cloud accounts were reported in the second quarter of 2020. Reporting by ZDNet noted that attempted breaches have increased by a whopping 250 percent from 2019’s figures.
Unsecured cloud servers and unpatched systems are particularly at risk. Hackers use brute-force attacks, ransomware, cryptojacking, and coordinated distributed denial of service (DDoS) attacks to steal data and extort companies and individuals.
- Remote workers who access cloud services and systems should use a VPN. Many platforms offer a free VPN trial. You can try it out before committing to a subscription.
- The APIs in use need to be properly secured and up-to-date in relation to the current threats.
- Proper cloud storage configuration is essential.
2. DDoS attacks
Increased online traffic and reliance on digital services mean cybercriminals have more opportunities. DDoS attacks are cheap to run, and there are now plenty of for-hire DDoS services that leverage the size and bandwidth of public clouds. Cybercriminals are also using AI to run DDoS attacks, making them more precise and effective. An attack can spell disaster for both small and large enterprises alike as clients cannot access the website or platform.
- Network architecture needs to be as resilient as possible.
- Bandwidth should also be increased as much as the business can afford.
- Dedicated DDoS mitigation services are available from ISPs and third-party providers.
3. Social engineering
Social engineering represents a large proportion of all the internet threats levelled at businesses and individuals alike. Security magazine reports that in 2020, nearly one-third of all known breaches included an element of social engineering, and of those, 90 percent involved phishing. These attacks are often fruitful; the 2020 Twitter breach, for instance, netted the hackers over US$100 000.
- Education is key to recognising social engineering attempts and preventing breaches.
- Quality email scanners and other anti-malware tools can help remove some of the threats, but the human-error factor still needs to be addressed.
The way we use the internet is changing, and so too are the technologies in use. Cybercriminals are never far behind. Staying secure is a matter of having the right tools, well-built system infrastructures, and users who are educated on the threat level.