2024 brings new challenges in the world of cybersecurity. The digital ecosystem is becoming more and more dangerous, and every day shows that both small and large companies are vulnerable to cyberattacks. According to Cybersecurity Ventures, the cost of global cybercrime is expected to rise to $10.5 trillion by 2025. What can we learn from recent cyberattacks, and how can we protect ourselves from them?
Cyberattacks on the rise: the number increased fivefold
Recent years have brought a wave of cyberattacks that have rocked the world of business and technology. Cybersecurity incidents have highlighted the weaknesses of even the most advanced IT infrastructures. These incidents have not only made companies aware of the need to invest in cybersecurity, but have also provided valuable lessons on the threats lurking in the digital world. By analysing these cases, we can better understand what mistakes were made and what preventive measures can help avoid similar situations in the future.
In May 2024, the number of cyberattacks on Polish companies increased fivefold compared to the previous year, according to the latest data from ESET. The first quarter of 2024 started with a warning from the Polish Financial Supervision Authority about fraudsters impersonating Bank Millennium. The cybercrime involved promoting a survey on social media, which, when completed, promised monetary rewards. In reality, the fraudsters were extracting personal data and payment card information.
During the same period, the city hall in Fürth, Germany, became a victim of a DDoS attack, which blocked all its websites. A similar incident occurred in France in the canton of Chalosse Tursan in the Landes department, where a cyberattack disrupted IT systems, significantly hampering public services.
In Belgium, in March 2024, production in all Duvel Moortgat breweries was halted due to a cyberattack. The incident, attributed to a group of Russian hackers, triggered the brewery's security system, which shut down servers to prevent further damage.
Phishing attacks
Phishing is currently the most popular tool of cybercriminals. It is an online fraud technique in which cybercriminals impersonate trusted individuals or institutions to phish for sensitive data, such as passwords or banking information, through fake emails, websites, or text messages. According to a Lookout report, half of smartphone owners were targeted by phishing attacks every quarter of 2022. In January 2023, Reddit announced that its employees had fallen victim to an advanced phishing attack that resulted in the leak of employee data and access codes. Education and regular employee training are key to addressing this threat.
Malware
Recent years also saw a significant increase in attacks using malware (malicious software), which is software designed to infiltrate, damage, or gain unauthorised access to a user's computer systems, networks, or data. It includes viruses, Trojans, ransomware, and spyware. In February 2023, Orange Spain experienced a major breakdown after an actor identified as ‘Snow’ accessed an account managing a global routing table using a ‘ludicrously weak’ password. Infostealing malware infected the administrator's computer, stealing the password, which was then sold on the dark web. Snow used this to log into Orange's RIPE NCC account, leading to manipulation of the routing table and eventually a ‘denial of service’ type attack.
Learning from others' mistakes
With cyberattacks on the rise, implementing daily cybersecurity practices is becoming an essential part of any company's operations. Good practices such as regular software updates, using strong passwords, and conducting employee training can significantly reduce the risk of a data security breach. Michał Billewicz, Senior Compliance Officer at Britenet, talks about 5 things to keep in mind to protect your business from potential cyberattacks.
Employee training – Educating employees on how to recognise phishing attempts, use strong passwords, and use the internet safely is key to protecting your business. Regular training and phishing simulations can help build awareness among employees.
Two-factor authentication (2FA) – The use of two-factor authentication significantly hinders unauthorised access to systems and data. 2FA requires a second authentication component, such as an SMS code, mobile app, hardware token, or biometrics, which increases the level of security.
Data encryption and backups – Encryption is a security feature that ensures that even if data is stolen, it will be useless without the right key. Encryption should be used both during data transfers and at rest. Regularly backing up data is key in the event of attacks such as ransomware.
Regular updates – Systems and software should be updated regularly to prevent known security vulnerabilities. Regular updates help to maintain a high level of protection against new threats that emerge every day. IT staff should monitor the availability of patches and updates and implement them as soon as possible to minimise the risk of potential attacks.
Monitoring and detecting threats – Proactively monitoring IT systems in real time and implementing systems to detect and respond to threats can make a significant difference to the speed of incident response and ease of handling.
Michał Billewicz – Senior Compliance Officer
Future-proof your business
Cybersecurity is an area that is becoming more and more important every year. Recent incidents have made us realise how important it is not only to have the right protective technologies in place, but also to constantly improve security procedures and raise employee awareness. In a world full of constantly evolving cyber threats, companies must always be vigilant and aware of the risks. The examples of protection mechanisms given above are the minimum elements of protection appropriate for any organisation, regardless of the sector in which it operates. A good IT partner, such as Britenet, can also help you take care of your company's cybersecurity.