Cyberattacks don’t take a holiday

Employers need to be prepared 24-7, especially with employees at home or on vacation

Cyberattacks don’t take a holiday

While summer is often time when employees take vacation, employers may not realize the increased risk of cyberattacks that comes when people mentally and physically log off from the workplace. 

In fact, in 76 per cent of ransomware infections, the encryption process begins after hours or during the weekend, according to Darktrace, an AI cybersecurity firm.

“Some of that research revolves around when people are not likely to be paying attention to the networks in the evenings  ̶  late at night, early in the morning, and on weekends. It is totally not unusual to find attackers have done their homework and worked out [when] this company traditionally has two weeks off,” says David Masson, director of enterprise security at Darktrace.

And HR shouldn’t assume that criminals won’t be interested in the seemingly mundane data that they have in place, he says.

“When you deal with people’s data, that’s personal identifiable information. HR departments shouldn’t think that threat actors won’t be interested  ̶  they’re very much interested and therefore they have to realize that they’re just as important a resource that needs protection as much as the actual IT systems themselves. Don’t be thinking, ‘Because I’m HR, nobody would be interested in me.’ It’s up to the threat actors to make that assessment: if they think you are worth it, they will come after you.”

Personal identification is increasingly being targeted says another security expert.

Work from home increases risks

Threat actors are now taking a “more targeted approach” when it comes to cyberattacks, he says, and criminal organizations are doing more homework to successfully pull off such things as ransomware attacks.

Today, with businesses based out of millions of home offices, the old way of “spray and pray,” in which attackers randomly sent out email requests and hoped for responses, the size of the potential pool is much greater, says Masson.

“When everybody’s working in one building, you’ve got one target but let’s say if you’re a company of 500 people and you’re all used to working from home, you’ve got 501 targets you can pick from: an increased landscape, and more opportunities for attackers to achieve that attack. The more chances, more opportunities, there’s a better chance one of them will actually work.”

More than three-quarters (78 per cent) of tech leaders say attack volumes have increased – with the majority pointing to employees working from home as the cause, finds a separate survey.

Ransomware proves popular

For many of these bad actors, ransomware — in which an organization’s computer data is encrypted and a ransom must be paid before the data is released — is the method of choice because “it’s the one with the easiest way for threat actors to monetize the attack; it’s the easiest way for them to make money,” says Masson.

David Masson

“With ransomware, instantaneously, you can basically say to an organization: ‘Pay us some money or you won’t get your data,’ so that’s why it’s the easiest attack to monetize and is much more popular.”

Threats generally come from criminal gangs and many operate under the protection of certain nation states because “they know there’s little chance of enforcement, arresting [and] bringing them to justice,” he says.

And many are behaving like businesses by taking money earned to purchase more resources such as computers and personnel for even more attacks, according to Masson. “A lot of these organizations you’ve heard of: REVOLT and DarkSide, they actually use some of their ill-gotten gains to reinvest in cyberattacks.”

Almost nine in 10 companies are suffering from cyberattacks, found a survey.

Artificial intelligences provides security

To best fight these sophisticated incidents, AI is becoming one of the best ways to monitor networks in real-time, he says.

“Companies really want to start realizing that [they] cannot keep up with the skill of the threat that they face and there’s no point really worrying about what kind of cyberattack it is; it’s going to happen and you’ve got to start focusing on the business rather than the breach and start using AI technology. It doesn’t need to know about the threat that you face but rather how to transform your entire network with a sense of self so it can see change in real time.”

“Cyberattack is 24-7: cyberattack doesn’t take holidays, it doesn’t get sick and we have to realize that we’re going to have to devote 24-7 monitoring,” he says.

In the future, even more attacks may be coming, says Masson, especially once 5G technology becomes more ubiquitous.

“If you think things are fast now, wait until 5G comes in, that’s really going to speed things up big time. 5G is a positive thing [but] it will turbo charge cyberattacks, particularly supply chain attacks,” he says.

As well, these organizations may also employ AI technologies to commit new attacks, he says.

“At that point, you cannot bring human beings to an AI attack, you’re not going to win; so you need to use AI to fight AI.”

Latest stories