The alarming results of Symantec’s internet security threat report has revealed cyber criminals are not going away – in fact, they’re getting more organised to increase the efficiency of their attacks.
Symantec, the company behind the Norton security software, says the professionalism among cyber criminals has increased with new and advanced attacks on the rise.
Among them are a number of threats including data breaches, ransomware, spear-phishing and targeted attacks.
“Advanced criminal attack groups now mirror the skill sets of nation-state attackers,” said Kevin Haley, director, Symantec Security Response.
“They have well resourced and highly-skilled technical staff that operate during normal business hours – they even take weekends and holidays off.
“We are even seeing low-level criminal attackers create call center operations to increase the impact of their scams.”
Malware (malicious software) increased at a dramatic rate with 430 million new malware variants discovered in 2015.
This massive increase in volume demonstrates professional cyber criminals are using vast resources to overwhelm our defenses.
Large businesses will be targeted more than three times a year on average.
In 2015 there were a record nine mega-breaches with more than 429 million identities exposed.
Many unreported breaches would have pushed this number to more than half a billion exposed identities.
Ransomware also saw a huge rise in 2015 with more damaging crypto-ransomware attacks increasing by 35 per cent.
This more aggressive ransomware attack encrypts your entire computer and its digital contents and holds it hostage until the user pays the ransom.
And the frightening thing the report revealed was that ransomware is spreading beyond PCs to other devices like smartphones, Mac and Linux systems and other connected devices .
Australia is a lucrative target for cyber criminals and is at the top of the list for ransomware attacks in the southern hemisphere with an increase of 141 per cent from the year before.
Australia is also one of the top ten countries globally to fall victim to social media scams and targeted attacks.
And the attacks aren’t limited to the online world with with large call centres getting on the phone to dupe unsuspecting victims with scams and trying to sell useless services.
So what do we do? How can we protect ourselves and our businesses?
Here are some tips from Symantec to stay one step ahead of cyber criminals:
* Don’t get caught flat-footed: Use advanced threat and adversary intelligence solutions to help you find indicators of compromise and respond faster to incidents.
* Employ a strong security posture: Implement multi-layered endpoint security, network security, encryption, strong authentication and reputation-based technologies. Partner with a managed security service provider to extend your IT team.
* Prepare for the worst: Incident management ensures your security framework is optimised, measureable and repeatable, and that lessons learned improve your security posture. Consider adding a retainer with a third-party expert to help manage crises.
* Provide ongoing education and training: Establish simulation-based training for all employees as well guidelines and procedures for protecting sensitive data on personal and corporate devices. Regularly assess internal investigation teams—and run practice drills—to ensure you have the skills necessary to effectively combat cyber threats.
* Use strong passwords: Use strong and unique passwords for your accounts. Change your passwords every three months and never reuse your passwords. Additionally, consider using a password manager to further protect your information.
* Think before you click: Opening the wrong attachment can introduce malware to your system. Never view, open, or copy email attachments unless you are expecting the email and trust the sender.
* Protect yourself: Prevention is better than a cure. Use an internet security solution that includes antivirus, firewalls, browser protection and proven protection from online threats.
* Be wary of scareware tactics: Versions of software that claim to be free, cracked or pirated can expose you to malware. Social engineering and ransomware attacks will attempt to trick you into thinking your computer is infected and get you to buy useless software or pay money directly to have it removed.
* Safeguard your personal data: The information you share online puts you at risk for social engineered attacks. Limit the amount of personal information you share on social networks and online, including login information, birth dates and pet names.