One of the biggest existential threats to a business is a cyberattack. There used to be a time when companies only needed to worry about viruses ruining a single computer, but today’s threats are much more devastating and can cost millions of dollars.
A new report on cybersecurity by Emsisoft notes that ransomware demands continue to increase, and have gone up around the world by 80% in 2020. In Canada alone, there were over 4,000 ransomware attacks last year (that were reported) for a cost estimate between $199,081,157 and $796,514,525 CAD.
No matter what size company you have, cyberattacks are a very real threat. Hackers don’t only go after the “big fish.” In fact, they often see small and midsize companies in Toronto and elsewhere as easier targets.
There are a few reasons hackers target small businesses:
- Smaller companies tend to have fewer cybersecurity protections.
- Smaller companies often won’t have a disaster recovery plan or full backup, which means they’re more likely to pay a ransomware demand.
- Large criminal organizations have begun offering attack services and “hacking kits,” meaning even novices can perpetrate attacks.
- Criminals play the numbers. They can increase their volume of attacks by attacking small and midsize companies as well as larger ones.
Is your business properly prepared for the newest threats we’ve been seeing so far in 2021?
We’ve referenced some leading IT security reports on emerging threats to bring you details on the ones you need to watch out for.
Emerging Online Threats
Ransomware
Ransomware has been growing significantly. This type of attack can be devastating and cause businesses to go down for several days. Companies are so desperate to get back up and running, that they often pay the ransom, which further emboldens attackers to continue. They’ve basically found that ransomware works as a money-making machine.
Approximately 56% of ransomware victims pay the ransom to get their companies back up and running.
Ransomware is a form of malware that encrypts data on a device or a cloud storage system. It spreads rapidly throughout a network and can quickly infect multiple devices.
Once infected with ransomware, companies receive a ransom demand that’s usually demanded in untraceable cryptocurrency. They have basically three options:
- Pay the attacker and hope they come through with their end of the bargain to provide the decryption key.
- Have an IT professional remove the ransomware and restore their data from a backup.
- Lose their data and start from scratch if they have no back up.
Mobile Malware
According to the Verizon Mobile Security Index 2021, 53% of surveyed organizations said they suffered a mobile-related security incident over the last year.
Mobile devices have become a mainstay in offices and actually make up about 60% of the endpoints in a company. Yet, they’re usually much less protected than servers and computers.
Often, companies are relying on employees to use their own smartphones to access email and other company apps. But the lack of monitoring their access to business data and security hygiene (updates & patches, antivirus, etc.) can lead to big risks.
The Verizon report found that 40% of professionals stated mobile devices are the #1 IT security threat companies need to worry about.
Firmware Attacks
Firmware is a special type of software that lives outside the operating system (OS) of a device. It tells the hardware how to interact with the OS and other hardware. It does things like tell a computer how to boot and control user access levels.
Attacks on firmware have increased by 5x over the last four years, and over the last 24 months, 83% of all companies have experienced an attack on device firmware (only many don’t realize it).
There is a lack of transparency between the firmware and OS layers, which makes this a particularly dangerous type of attack and one that allows hackers cover.
Attacks at the firmware level can be very devastating because the attacker essentially has control over the entire device, how the OS boots, and who can access and give commands to the device.
IoT Devices
Internet of Things (IoT) devices are simply all those other internet-connected devices beyond computers and servers. IoT devices can include:
- Routers
- Printers
- IP Video Cameras
- Smart Lighting
- Smart Locks
- VoIP-Enabled Desk Phones
- Smart Speakers (like Alexa & Google Home)
- And more
As more of these devices get connected, a company network can be left at higher risk of attack. Hackers take advantage the fact that IoT devices have fewer security controls and that users don’t do things like change the default username/password when setting them up.
Ensure Your Business Is Properly Protected from the Most Dangerous Online Threats
Dynamix Solutions offers state-of-the-art cybersecurity services that can help ensure your Toronto or Calgary business isn’t hit with a devastating attack.