Cybersecurity is hard. Technology is continually changing, cyber criminals' tools and techniques are always evolving, and maintaining the security of a network whose users each want to do their own thing without being restricted by security is a constant challenge.
But while these are some of the most headline-grabbing cybersecurity threats, there are other issues that might not be discussed as much, but are still significant cybersecurity problems that organisations must be prepared to deal with.
And they need to start thinking about them now -- before it's too late.
Remote work is making easy targets for hackers
For many businesses, hybrid and remote working has become the norm in recent years and organisations have shifted towards cloud-based applications and services to enable this.
But while this shift has been effective for productivity and improving employee happiness, hybrid working also comes with additional cybersecurity risks that organisations might not be thinking about -- and that's making life easier for cyber criminals.
It's also possible that entire sections of the network containing sensitive information could be exposed to the open internet due to cloud misconfigurations. In these instances, attackers might not even need a password -- they can just walk right in and raid the server for exposed information.
"We increasingly see all of those configuration issues and threat groups are actually getting a lot of success -- they don't even necessarily need an exploit because the defenders provided that open goal," says Collier.
Simple cybersecurity updates are being ignored
But it isn't just security vulnerabilities in cloud-based applications that are flying under the radar or outright being ignored. For one reason or another, cybersecurity teams often struggle with vulnerability management and patching across the board.
"The velocity of vulnerabilities to our infrastructure, technologies and tools over the last year has created quite a challenge for organisations," says Thomas Etheridge, SVP of services at CrowdStrike.
Add to this the unknown security flaws that can lurk within software that many companies use every day and assume is secure. For example, Log4j was a significant vulnerability that emerged in December last year and one which Jen Easterly, director of US cybersecurity and infrastructure agency CISA, described as "one of the most serious that I've seen in my entire career, if not the most serious".
And Log4j isn't the only vulnerability that many businesses have ignored: even older vulnerabilities like EternalBlue, which powered global cybersecurity events like WannaCry and NotPetya, haven't been patched by some, and cyber criminals are still looking for vulnerable networks they can take advantage of.
In many cases, the vulnerabilities and cybersecurity issues aren't being addressed because businesses simply don't have eyes on their network -- despite it being a vital element of cybersecurity.
"IT hygiene has been an ongoing problem -- understanding what assets you actually have in your environment, what's connected to your network, what's the patching status of that? Having viability and understanding the actual security posture of those devices is an ongoing challenge," says Etheridge.
"It's the least glamorous, the least sexy, the least recognised part of what security and IT organisations do, but it's absolutely critical to stay ahead of risk," he adds.
Phishing is used in several ways, from stealing sensitive information like bank details and passwords from individuals to being used as the opening stage in sophisticated cyberattacks targeting whole organisations.
All it takes is a convincing email lure and a well-designed fake version of a real website, or any other online service that people use a login name and password to access, and data falls right into the hands of the attackers.
As the name suggests, the hackers use phishing emails and social engineering to target businesses and trick employees into transferring large sums of money to bank accounts owned by the fraudsters.
"If you actually look at the amount of money business email compromise groups are making, it's significantly higher than what ransomware groups are making," says Jason Steer, chief information security officer (CISO) at cybersecurity company Recorded Future.
Many BEC attacks start like any other malicious cyber campaign, using phishing emails or stolen usernames and passwords bought from dark web forums to gain access to the network.
From there, the cyber criminals take time to examine interactions in the inbox, perhaps even using their initial access point to send phishing emails to the compromised victim's contacts to get hold of their usernames and passwords too. It's also possible for the attackers to spoof messages from these known contacts.
By the time anyone has noticed something is wrong, the money has already been transferred and the attackers are long gone.
"In some organisations, it's highly likely there's one financial controller who logs on to the bank account and does the transaction, there's no other scrutiny before that happens and that's exactly the thing they're trying to exploit," says Steer.
This means it's vital to have governance procedures in place to ensure that significant financial transactions are legitimate and that they're going to the expected account. Involving multiple people in this decision-making process can provide extra layers of protection. It could slow down the transactions, but a deal being slightly delayed in order to follow due process is a better outcome than large sums of money being lost to cyber criminals.
Cybersecurity basics can go a long way
When it comes to securing cloud services, emails and the wider network, information security teams can take steps that help protect users -- and the network -- from most cyberattacks.
First, applying security patches as soon as possible prevents cyber criminals from exploiting known vulnerabilities in software to enter or move around networks, so it should be a pillar of cybersecurity strategy for any organisation in any sector.
Rolling out multi-factor authentication (MFA) can also provide a significant barrier to cyberattacks, because it means that -- even if a hacker has a legitimate username and password -- they're unable to take control of a cloud service or email account without the user approving it. According to Microsoft, using MFA blocks over 99.9% of attempts at hacking into accounts.
To many people, these measures might sound like basics of cybersecurity -- but in order to ensure that people and networks are safe from cyberattacks, the basics need to be put in place before anything else.
"In some ways there's at least some room for optimism, because the solution is known and it's actually very simple -- it's about security fundamentals," says Collier. "A lot of this work is actually making sure that the mundane issues are solved".