There’s no doubt that 2020 saw a huge increase in the number, scale and severity of cyber-attacks across the globe. Cybercriminals sought to capitalise on the effects of the pandemic – taking advantage of growing anxieties, surges in online shopping and the sudden shift to working from home in March. Internet usage soared, opening up a wealth of opportunity for breaches and attacks.
So, how did UKFast’s SIEM platform fare against 2020’s threat landscape? We sat down (virtually) with Stephen Crow, our Head of Defence and Compliance, to chat about the unprecedented threat volume of 2020.
Attempted CMS login was the most common attack vector across every quarter of 2020. Businesses are failing to secure their web applications properly and to effectively restrict access to a specific IP address. We’re seeing lots of businesses not adding multi-factor authentication – an easy way to protect your applications online.
We’ve seen a consistent number of total events analysed, but a huge increase from around 10 million to 75 million suspicious events identified across our clients’ networks.
The pandemic has meant more people online and a wider internet presence while people work from home. Remote working has meant an increase in non-secure devices being used across the globe, as businesses have been forced to digitise their operations and take everything online. This has meant opening up more networks and therefore increased vulnerability to cybercrime.
The other element to this is the increase in phishing attacks as threat actors have preyed on public vulnerability and desperation. Cybercriminals have been sending billions of malicious emails out posing as health or government authorities and capitalising on the public’s desperation for medical information and supplies.
We’ve increased and improved internal employee training by sending out simulation phishing emails to the team, hinging on Covid-19 and topical news items people may typically click on. Something to always watch out for with phishing attacks is who the email is coming from and whether a threat actor is posing as a senior member of staff and requesting help with urgency.
Our security team has also improved our threat product rulesets so we can now detect more subtle attacks. We’ve adopted a packet inspection approach; rather than just examining logs we are looking at packets coming in and dropping them/denying them if they are malicious.
This is actually something that hasn’t changed – our top five attack origins have remained USA, Russia, Latvia, The Netherlands and the UK in slightly varying orders over the year.
The cybercrime industry is growing and will continue to grow exponentially as people continue to work from home more permanently. It’s important businesses better their endpoint security and shift towards adopting a zero-trust model as they implement BYOD policies. We will see more of the same across the industry – more hacks and more reputational damage. Organisations need to prioritise and optimise their digital presence as more exposure to the internet means more exposure to cyber-threats.
UKFast’s SIEM technology intelligently monitors events across your entire network, identifying and blocking cyber-attacks to help your business prevent downtime and data breaches.
To find out more about Threat Vision and how UKFast mitigates cyber-attacks, see our latest infographic for Q4 2020 here.