In an era where our lives are increasingly intertwined with the digital world, the significance of cyber security cannot be overstated. The evolving nature of threats in today’s digital landscape makes them all the more impactful and challenging for organisations to combat. From data breaches to reputation damage, organisations can suffer severe consequences from such threats.
Here are five urgent cyber trends businesses need to be aware of:
Trend 1: Most phishing websites are live – but just only for one day
The rapid turnover of phishing sites complicates detection and mitigation efforts. Ninety percent of phishing sites are live just for one day. Attackers create and dismantle phishing sites quickly, often targeting high-traffic events, like holidays or significant product launches. This strategy maximises their chances of success in a short window.
The ephemeral nature of these sites makes traditional security measures less effective, as many detection systems rely on historical data and established patterns to identify threats. This allows evading of blocklist systems and other defences before organisations even become aware of their existence.
In today’s digital landscape, it’s critical for businesses to be prepared for when-not if-a cyberattack occurs. Implementing regular phishing exercises can help employees recognise threats early, and building a rapid response plan enables organisations to act swiftly during an attack.
Trend 2: The majority of malicious files are delivered via email
Email-based attacks often leverage social engineering tactics, creating a sense of urgency or familiarity to manipulate users to act impulsively. This approach exploits human behaviour and takes advantage of the fact that numerous organisations still rely on email for exchanging files and information.
- Rebecca Law, Country Manager, Singapore, Check Point Software Technologies
To combat this, organisations should invest in security solutions that can scan and neutralise malicious content before it reaches users. One such approach is Content Disarm & Reconstruction (CDR), which instantly removes any executable content, whether or not it is detected as malicious. This ensures that files are safe before users interact with them.
Additionally, practicing good cyber hygiene can prevent many email-based attacks. This includes verifying the sender address, checking links for suspicious content, and assessing whether unexpected emails align with normal communication patterns.
Trend 3: Cyberattacks are not slowing, they are continuing to increase at a rapid rate
Compared to 2023, cyber breaches have increased by another 40 percent and organisations today face more than 1,600 attacks each week. This illustrates the increasing sophistication of threats as attackers utilise more advanced methods and automation to exploit vulnerabilities. The shift to remote work and the growing use of third-party partners have expanded the potential attack surface for organisations.
Ransomware and other profit-driven attacks are also on the rise, and attackers are becoming faster at executing their schemes. Human reaction time is no longer sufficient to combat these threats. AI-driven prevention and automated response are now essential to reduce the time it takes to detect and respond to attacks.
Organisations need to ensure that their security tools work in harmony to reduce the Mean Time to Resolve (MTTR). Automating responses to potential threats is crucial, allowing businesses to stay ahead of attackers by detecting and neutralising threats before they escalate.
Trend 4: Cybercriminals have already published details of over 3,500 successful ransomware attacks in 2024
Cybercriminals are using data exposure as a means of extortion. The emergence of ransomware-as-a-service (RaaS) has enabled less skilled criminals to launch sophisticated attacks. The result is a growing pool of cybercriminals, many of whom use advanced techniques like double extortion, where both data encryption and the threat of exposure are used to compel victims to pay ransoms.
Organisations need to deploy strong endpoint security for all devices, from mobile phones to servers. Comprehensive security measure, including zero-phishing, anti-malware, anti-ransomware and full disk encryption, are essential to safeguarding critical systems and data. In addition, mission critical and sensitive data should be encrypted and regularly backed up, and stored securely.
Segmenting networks and controlling access to highly sensitive information can also mitigate the risk of breaches.This includes but is not limited to PII, PHI, financial, corporate strategy, intellectual property (including software, AI and training and test data), employee, and customer data, no matter where it is located: on premise, cloud or partner.
Email security remains a key defence against business email compromise (BEC), which remains the top attack vector for many cybercriminals. Strengthening email security can reduce the likelihood of ransomware and malware attacks and protect organisations from financial fraud.
Trend 5: The education sector is facing the highest volume of cyberattacks, followed by government and healthcare
Educational institutions, especially universities, often prioritises accessibility, which can lead to larger, more vulnerable networks. The high volume of users and devices increases the risk of phishing attacks and data breaches. Similarly, government entities are prime targets due to the sensitive information they manage, which can be exploited for financial or political gain.
Healthcare organisations face unique challenges as they handle massive personal data. The urgency of medical services sometimes forces a compromise in security measures, leaving these organisations susceptible to ransomware attacks.
To protect against these growing threats, organisations must conduct comprehensive assessment of their current security posture. Evaluating existing security measure can pinpoint vulnerabilities and areas for improvement. Segmenting networks, implementing strong access controls, and adopting a zero-trust architecture will help prevent breaches before they occur.
Employee training is another critical element of any security strategy. Regular workshops, phishing simulations, and continuous learning initiatives, can help employees and student recognise and respond appropriately to threats.
Vulnerability scanning and prompt patch management can also address security flaws before they are exploited by cybercriminals. Multi-factor authentication is a non-negotiable in this age, and an updated incident response plan is a must.
Organisations should take proactive steps to significantly reduce the risk of breaches, protect sensitive data, and ensure the continuity of essential services. Proactive (vs. reactive) cyber security efforts not only safeguard sensitive data but also maintain the trust of those they serve.
By staying informed about these trends and adopting proactive measures, organisations can fortify their defences against potential threats, while building cyber resilience.
Rebecca Law is Country Manager, Singapore, Check Point Software Technologies.
.jpeg&h=271&w=480&c=1&s=1)