Shibu Paul has 25 years of experience in the field of Digital transformation – IT, IS and telecom – having worked with Sify Ltd, British Telecom Global services (India) and BT Americas in various roles. He was part of the team that launched the first IP network, first private ISP and first Certifying Authority in India. He joined Array in 2009 as country sales head and progressed to leadership positions including Country Manager and Regional Director-APAC. In his current role, he is instrumental in driving the business for Array in the region, and setting up end-to-end operations including a strong channel, robust technical team, and solid support infrastructure for Array customers worldwide.
The advent of technology has been a catalyst of success worldwide, especially with the progression of digital advancements and digitized industrial revolutions taking the lead. But with great power comes responsibility. The technology, however, has been at the stake and falling short of its responsibility to make digital space a safer web for everyone to learn, monetize and pursue other tasks with. It is being targeted day and again by masterminds with ill-intentions, also commonly known as cyberhackers.
Why the surge in cyber attacks?
The IT and communication sector has become an easy target for cyber attacks including ransomware and a system’s vulnerabilities, resource-extortion purposes. Performed with a malicious intent, cyber attacks point towards a tech-integrated and supported service’s or system’s vulnerabilities and loopholes being exploited for stealing, altering, destroying, disabling or gaining access to or make use of an unauthorised asset.
The onset of pandemic and cyberattacks
COVID-19 hit the globe drastically and has been redefining normal ever since. With the growing culture of regulating personal and professional lives via online portals, programs, media, cloud and workspaces, the cyber threat has only caught more pace and disrupted more businesses in comparison to the pre-pandemic times.
Owing to the ‘new normal’ post-COVID, the IT and communication sector was observed to be the prime target of cyber attackers in 2021. One of the most common cyber attacks spiking after the global health crisis are ransomware cyber attacks. The numbers of such attacks are mounting up by folds and triggering a digital paranoia meanwhile affecting individuals, businesses and their security and safe walls. These attacks are not only confined to an organisation or a person, rather they are now targeting a vaster base by making their debut in the blockchain and crypto market as well. Supporting the argument, a report published in the latter half of 2021 states how there has been a 79% increase in global cybersecurity incidents in the last 18 months.
In a survey of 1,100 IT professionals, 90% had clients that suffered a ransomware attack. Every year, ransomware attacks cost victims billions of dollars. Telecom providers are prime targets for such attacks because once they are hacked, threat actors can encrypt a massive volume of their customers’ data and demand large sums of a ransom in return. Software developers are another lucrative target because they often have access to administrator privileges and can move freely across the network.
Further addressing the pressing concern and shedding light on the disturbing stats, Darktrace – a renowned name in the cybersecurity space with its autonomous AI system, detected over 1,50,000 cyber threats per week.
The foundation of cyber attacks
The question now arises – why? The answer is simple—massive ROI. Infiltrating the network of just one IT supplier opens up avenues to thousands of potential victims. For instance, in the SolarWinds hack, threat actors installed malicious code into the SolarWinds Orion system. Eventually, they got access to the data and network of thousands of its customers. Likewise, by gaining access to Kaseya VSA, hackers, at once, found their way to thousands of targets who used that software. That’s also one of the reasons why the focus of cybercriminals has shifted to MSPs, telecom providers, and software developers over the last year.
Phishing to join the list
Another type of cyber attack that has been making it to the top of the list of scammers, unethical fraudulent hackers/ attackers is phishing. IT folks are becoming increasingly wary of phishing emails that contain suspicious links and attachments and aim to compromise their security. Attackers know this well. So, they have reinvented their phishing strategies. Hackers are now pivoting to text-only emails that trick the target into disclosing their sensitive information like login credentials and credit card details. In 2021, IT organizations received an average of 600 such unique phishing campaigns a month. Phishing attacks give hackers access to secured systems without bypassing the organization’s security controls. This forms the base of these attacks being compelling and having conviction to them.
Some of the other attacks in cyberspace include network security attacks, wireless security attacks, malware attacks and social engineering attacks amongst others.
Other cyberattacks and their targets
Types of network security attacks often result in Denial of Service (DoS), Distributed Denial of Service (DDoS), Buffer Overflow Attacks, Ping Attacks, SYN Flood, DNS Amplification, Back Door, Spoofing, Smurf Attack, TCP/IP Hijacking, Man In The Middle Attacks, Replay Attacks and DNS Poisoning.
A wireless attack includes identifying and analyzing the interaction between all devices connected to the business’s Wi-Fi further comprising laptop, mobiles and any other gadgets or IoT devices. A wireless attack often targets Data Emanation, Jamming, Bluetooth Vulnerabilities, Near-Field Communication, War Driving, Evil Twin, Deauthentication and Disassociation, WarChalking, Packet Sniffing and Eavesdropping, Replay Attacks (Wireless), WPS Attacks, WEP/WPA Attacks, IV Attack, TKIP Attack and WPA2 Attacks.
Other attacks including social engineering attacks, viruses, vishing, tailgating, whaling, pretexting, it is a known fact that everyone has started being more wary and scanning for any threats whatsoever while carrying out operations in a virtual space. The most common way to prevent such attacks and be vigilant include:
- End-to-End Encryptions
- Encrypting network traffic by taking a mid-way and opting for a VPN
- Complexed logins and two factor authentications
- Integrating smart firewalls
- Taking assistance of HTML 5
- Keeping an eye out for erred syntax and grammatical blunders
- Updating and upgrading to firmware
- Scanning the warnings about suspicious websites
- Adopting anti-viruses and more
Some of the suggestions that a business can keep in mind while being vigilant of such attacks is by:
- Training the staff to keep a tab on suspicious activities
- Updating the applications periodically and being consistent with it
- Backing up data continuously
- Complicating the accessing operations and taking control of the digitised devices, tools and gadgets
The road ahead
The IT sector is jam-packed with revenue-rich organizations with large data volumes and extensive networks. That’s why it was the most sought-after industry by cyber attackers in 2021. Phishing and ransomware are the major cybersecurity concerns threatening IT security today. While it may seem impossible to eradicate these devastating attacks completely, you can take preventive measures, exercise good security practices, and implement basic IT hygiene to mitigate the risks.
The attacks and the attackers are not going to diminish over time, rather the number is only anticipated to rise with the unethical episodes surging by the day. The only way to keep ourselves safe is to create an impenetrable cyber structure supported by the above-mentioned suggestions and tips.