Cybersecurity: Attack vectors targeting tech companies

Cybersecurity has changed drastically over the past year, and shown how important it is that businesses are taking the right steps to mitigate attacks

Cybersecurity has become increasingly important with a shift in how businesses are working. There’s a huge demand for organisations to secure their networks and make sure all security systems are in place to stop attacks. 

In 2020, businesses faced a 20% rise in cyber security threats versus 2019, with the first COVID-19 lockdown in March serving as the catalyst for a year of increased efforts to infiltrate corporate networks.

In the UK, businesses each faced 686,961 attempts on average to breach their systems online in 2020, according to internet service provider Beaming. This equates to an attempted attack every 46 seconds, with 2020 proving to be the busiest year on record for cyber attacks. 

So how are threat actors succeeding? A two-attack vector approach seems to be the answer.  In cybersecurity, an attack vector is a method of achieving unauthorised network access to launch a cyber attack. Attack vectors allow cybercriminals to exploit system vulnerabilities, gaining access to sensitive data, personally identifiable information (PII), and other valuable information accessible after a data breach.

The average cost of a data breach is about $3.92 million, so it pays to think through how to minimise potential attack vectors and prevent data breaches.

Let’s have a look at the two-attack vector approach. 

1. Attacks to the business itself

The first attack vector is attacks on the business itself, and this can come in a number of ways. 

Phishing is a very common way hackers will try to gain personal information, and it is a technique that has been on the rise during the pandemic. The UK’s HMRC detected a 73% rise in email phishing attacks in the first six months that the COVID-19 pandemic struck the country. Phishing is a technique where the target is contacted by email, telephone or text message by someone who is posing to be a legitimate colleague or institution to trick them into providing sensitive data, credentials or personally identifiable information (PII). 

Cyber attackers also focus their efforts on hacking user IDs and passwords that are weak or can be easily guessed. 

The cloud been a lifeline to many organisations during the coronavirus pandemic as it enabled a swift transition from office to home working, but one concern is security. In 2020, bad actors sent 61% of malware through cloud applications to target remote workers. Attackers also targeted cloud-based apps in more than one-third (36%) of phishing attacks as a means of gaining a foothold in the target’s network.

2. Cybersecurity of the products they develop 

The other attack vector technology companies need to consider is the cybersecurity of the products they develop. Although it is not a new threat, products are becoming targeted by threat actors. 

Many companies carry out secure code reviews, a specialised task involving manual and/or automated review of an application's source code in an attempt to identify security-related weaknesses in the code, and specific testing of their products, but threat actors are tailoring their attacks to target vendors and the supply chain.

SolarWinds, a major US information technology firm, was the subject to a cyberattack that spread to its clients and went undetected for months, based on this attack vector. They saw their stock lose nearly 40% of its value by January.

Threat actors are no longer just targeting organisations themselves, but they are now targeting the products being manufactured and leveraging them to infect not just a single end user, but all the users that consume their solutions. Businesses need to put many different security measures in place to try to mitigate attacks and ensure the privacy and safety of their consumer’s data.


Featured Articles

How Microsoft Is Helping Rural Hospitals Get Cyber Secure

Microsoft is giving rural hospitals a hand to help them get their cybersecurity up to snuff to keep them running amid the rising attacks on healthcare

SpiceRAT: Cisco Talo Sound Alarm Over New Trojan

Remote Access Trojans are resurfacing, and Cisco Talo shows they are doing so with increased sophistication

CrowdStrike & HPE: Unifying IT and Security for Secure AI

CrowdStrike and HPE are joining to integrate their Falcon platform and GreenLake cloud and OpsRamp AIOps to give an overview of AI infrastructure

Zscaler and NVIDIA Join to Upskill Zero Trust with Gen AI

Network Security

Gigamon Sound Alarm on Cloud Security as Unseen Attacks Soar

Cloud Security

Helping APAC Curb the Threat of Cyber Attacks

Hacking & Malware