By Dan Popa, Senior Territory Manager Romania at Veeam Software and Chris Norton, Regional Director – Africa at Veeam Software
Cyber-attacks have reached an unprecedented level, and the phenomenon noticed internationally is becoming more and more visible in Romania. In mid-April, Dan Cîmpean, Director of the National Cyber Security Directorate (DNSC), warned that between 20,000 and 30,000 cyber-attacks were detected daily in Romania, targeting “150-250 nationally relevant infrastructure elements.”
The number of attacks has increased significantly since the COVID-19 pandemic hit the world, but it is very important, emphasizes the director of DNSC, that users are being set up with traps that are increasingly efficient and credible. A large part of these attacks is aimed at data destruction, which is a major risk for organizations and companies in Romania. Such incidents can lead to significant losses, which can also result in temporary blockage of activity. That is why it is essential for managers to understand the magnitude of these risks and to act early to secure their data effectively, so that their activity is disrupted as little as possible in the event of an attack.
Following the launch of the Veeam Data Protection Trends Report 2022 in, it can be noticed that, in general, 89% of global organizations are not careful enough when it comes to data protection, given that the challenges of data protection are becoming increasingly complex. Moreover, security incidents no longer only affect the reputation of companies, but can also affect the very existence of the business. That is why it is crucial for organizations of all kinds to be confident that their data is effectively protected and can be accessed – securely – at any time, regardless of the environment in which it is stored.
The 6 most common types of attacks that organizations and physical users can prepare for and protect against attacks are, namely: online scams, digital attack and blackmail, compromising business emails, ransomware attacks, botnet networks and attacks on mobile terminals.
Most attacks are not carried out by mere opportunists, but by cybercriminals operating in well-organized criminal networks. They devote time and money to researching and refining their methods of attack, using the latest technologies. Veeam Software experts say that any organization should start from the idea that it is not a case of “if”, but of “when” an attack will take place.
These attacks tend to target older generations who are less familiar with digital technology. Usually, these people are more confident and, unfortunately, often have more to lose. Many of these scams tend to mimic a bank’s communications to exploit the trust and respect that older people have for banks. Worse, the scams are becoming more elaborate, more credible and, to an untrained or inexperienced person, seem legitimate and plausible.
This type of attack takes many by surprise. By simply spending more time online, school children or young people in their 20s and older are most at risk. This type of scam is based on threatening to cause extreme social and reputational damage. In some cases, avoiding blackmail is easy if there is no previous dangerous context, such as sending compromising selfies, but younger age groups tend to find themselves in such situations more often.
Compromise of business emails
Better known as phishing, these scams involve sending emails that claim to come from reputable or well-known companies to trick people into revealing personal information, such as passwords or PINs. Remote work has amplified this phenomenon, as many employees do not work in secure corporate networks or do not receive (or ignore!) Cybersecurity training that could protect them, giving criminals a much greater reach.
This form of blackmail has resulted in losses of at least $ 20 billion worldwide in 2021, and forecasts show that losses will increase more than tenfold by 2031. No wonder the insomnia of many company managers, because this type of attack is very profitable for criminals and can cause incalculable damage to the reputation of companies.
The ransomware attack is considered successful when some companies prefer to pay the ransom rather than face the reputational disaster due to the total loss of data. Criminals behind ransomware attacks are organized and use sophisticated tools, which are probably the biggest threat to the corporate world.
The level of risk posed by ransomware depends to some extent on the type of business. For example, a company that operates primarily digitally, such as a bank, would suffer catastrophic losses if it lost its data, while a manufacturing company, although still at significant risk, would not it inevitably lose its ability to generate revenue. Reputation damage as well as loss of customer trust can be large enough to lead to the demise of a company, regardless of industry. Therefore, no industry can be believed to be immune to the negative effects of ransomware attacks.
This is usually the way hackers hide – they compromise and use personal or corporate computers to organize and launch their attacks, which means that the possibility of identifying the source of the attack diminishes quite quickly. If a company or organization does not regularly scan for viruses and malware, it risks unwittingly helping hackers gain access to computers on the network.
Attacks on mobile terminals
Attacks on mobile terminals, through malware, have been gaining momentum lately, according to a Europol report. Although for a time it was only a threat to Europe, this year cybercriminals have managed to penetrate secure networks, and cases of mobile malware have been reported in increasing numbers. Trojan malware attacks in Android banking now have new tactics and techniques for stealing information. A number of malware programs for mobile banking have implemented new capabilities to commit fraud by manipulating banking applications on the user’s device, using the Automated Transfer System (ATS) powered by the Android Accessibility Service system. Cerberus and TeaBot are also capable of intercepting messages containing unique access codes (OTPs) sent by financial institutions and by two-factor authentication applications, such as Google Authenticator.
What can organizations do?
Executives play a crucial role in the fight against cybercrime, Veeam Software point out. Everyone must be involved in protecting the collective ownership of company and customer data. All departments use data to make decisions. Therefore, board members need to support the strategy, investment and security and technology policy of their colleagues in the cybersecurity department. Building an effective cyber resilience strategy also requires the involvement and commitment of all departments to help communicate and monitor its continued progress.
In addition, an effective cyber resilience strategy must work harmoniously across all divisions of an enterprise. Prevention should always be the number one priority, but in the event of a breach or attack, the company must have a disaster recovery plan that is understood and communicated. Any cyber-attack could be catastrophic and therefore there should never be a compromise on how threats are prepared or handled. The best way to ensure that data is protected and recoverable in the event of a ransomware attack is to work with a third-party specialist and invest in an automated, synchronized solution that protects the multitude of production platforms in data centers. and from the cloud on which organizations of all sizes are based today.
Organizations that really want to improve their resilience should constantly educate their employees on how to identify suspicious emails and how to handle sensitive data so that phishing and botnet incursions are minimized. These can be avoided but require efficient email management and the application of machine learning and artificial intelligence tools designed to minimize the chances of emails reaching the user’s mailbox.
Technology has advanced significantly over the last two years, so companies should consider implementing modern sets of data protection tools and strategies to ensure that data can be recovered in the event of a serious breach.
Backup and recovery
Criminals have evolved, and companies should do the same. The old 3-2-1 backup method is no longer enough – three copies, on two different media, and one offsite copy. Currently, best practices add two more levels of security to the old rule, becoming 3-2-1-1-0 – three copies of data, two on different media, one offsite and one copy that has no internet connection at all. and to be recovered with zero errors so that the vulnerability is not reintroduced into production.
As we can see, it is good to understand how cybercriminals attack consumers and companies alike. However, this is only one side of the problem. The other requires the use of this reality to develop a methodical training and backup strategy that is applied from the bottom up and is based on best practices and modern data management.