This article was written by a TecMundo contributing columnist; finally learn more.
Cybercrime has become increasingly complex over the years as attackers diversify their methodologies and strategies. This can partly be justified by the “professionalization” of these criminals who started offering their services as something customized. This application is known as Ransomware as a Service (RaaS).
We also see hackers selling malware and data encryption tools to other criminals, and in turn, vendors get a share of the profits of the fraud, which in the long run reduces the skill level required to launch attacks and facilitates intrusions at scale.
On the other hand, it is reassuring that we are seeing more and more companies and professionals pay attention to cybersecurity. This was clarified in the “IT at work: 2022 and the future” study conducted by ManageEngine, which interviewed 3,300 decision makers from various private sector organizations around the world, including Brazil. When questioned, 84% of Brazilians interviewed agreed that the security environment needs to change to ensure organizations are protected from cyberattacks.
In this context, we have compiled a list of potential cybersecurity threats that individuals and companies should be aware of in the coming year:
1. Ransom cloud attacks Ransomware is also available in cloud environments and is a common attack option for cloud attackers who mostly focus on cloud-based email servers such as Office 365 through popular methods such as malware or phishing emails, file synchronization.
2. Threats from the Internet of Things (especially the Internet of Things) It occurs when hackers find vulnerabilities in devices and try to connect to non-standard logins.
More specifically, there is the Internet of Medical Things (IoMT), or healthcare IoT, which consists of devices that can be connected to healthcare companies’ IT systems, such as sensor-based or remote patient monitoring solutions, such as wearables. Therefore, companies need to prioritize monitoring these endpoints 24 hours a day, seven days a week.
3. Supply chain attacks In this type of fraud, hackers break into corporate networks through vulnerabilities or compromised devices from third parties or partners but are also part of the organization’s value or supply chain. It is crucial for companies to take more proactive approaches that help them observe and analyze user behavior to detect suspicious patterns or hits.
4. Operational Technology (OT) Attacks One of the key components of operational technology (OT) is industrial control systems (ICS), and these are new targets for cybercriminals. The main concern is not only data security, but also actual physical damage.
5. Attacks on mobile devices Cell phones have become more and more important, making them an easy target for attackers. Enterprise mobile security solutions and comprehensive employee training programs are indispensable in these situations as they teach them about device security and help them stay one step ahead of hackers.
In 2023, it is critical that Brazilian organizations learn about the cybercrime scenario and, even more importantly, adjust their internal strategies to build a solid and comprehensive security foundation.
As a general rule, companies can use the Zero Trust philosophy as its core motto is “never trust, always verify”. In this way, data loss can be reduced and data breaches prevented, allowing business users to securely interact with any application from any device, in any environment.
Another viable countermeasure is the adoption of security solutions with SOAR capabilities (orchestration, automation, and response solutions) focused on retrieving alerts, automating responses to threats, and resolving security incidents through advanced analytics and insights. The application of these technologies even helps to significantly strengthen the security posture of companies, which is crucial in this scenario of frequent hacking attempts.
Tonimar Dal AbaTechnical Manager at ManageEngine Brazil
Source: Tec Mundo
