On June 28, 2022, the Baton Rouge General Medical Center in Louisiana lost its electronic medical record and patient system to a cyberattack.
24 hours earlier on June 27, in Tennessee, Geographic Solutions Inc. — a workforce and unemployment benefit provider — was taken offline.
Now, these cyberattacks have shifted from public utilities and infrastructure to attacks targeting all industries and sectors. The Cybersecurity and Infrastructure Security Agency (
However, Russian-linked attacks are far from being the only threat. The
Cyberattack tactics and trends
The most used tactics and trends in 2022 include phishing and ransomware. Faced with improved security posture from the organizations they're targeting, cybercriminals are increasingly turning to phishing attacks, where they look for the weakest point of entry: the organization's workers or their third-party partners.
In phishing campaigns, attackers mimic official organizations utilizing email, phone calls, SMS, and online mechanisms to trick users into giving out sensitive information or downloading malware.
Ransomware is another global trend where malicious actors take control of an organization's system or sensitive data, often forcing a shutdown of company operations. To combat this risk, it's advisable to have an updated disaster recovery plan (DRP), back up your data, and never pay the ransom should an attack be successful.
“Every time a ransom is paid, it confirms the viability and financial attractiveness of the ransomware criminal business model,” CISA says.
Ransomware attacks are also becoming more aggressive, with trends revealing attacks that destroy data instead of encrypting it. Cybercriminal services-for-hire have transformed ransomware into a professional market,
Other common mechanisms for attack include:
- Cyber espionage: Stealing information and intellectual property to gain a competitive advantage.
- Zero-Day: Complex, often multi-vector attacks that capitalize on a previously unknown software vulnerability.
- Distributed Denial-of-Service (DDoS): A malicious flood of traffic to a targeted service, server, or network to disrupt regular traffic and/or crash the service.
Counter-disruptive cybersecurity: How to protect your organization
At today’s intense rate of attacks, it is not a matter of “if” but of “when” an attack will happen. Therefore, the best defense is to fortify the security ecosystem and take a proactive approach.
Incident response plans (IRPs) and disaster recovery plans (DRPs) are of paramount importance, allowing organizations to rapidly detect, isolate, respond to, and manage an attack, and to quickly restore and recover. These systems register incidents and can be used to learn more about attacks.
Off-grid backups and encryption are key for an incident response plan because, with them, organizations can restore their environment without the need to pay the ransom to recover the data.
To detect breaches, leading organizations use next-generation firewalls (NGFWs). They combine the features of traditional firewalls with other security technology such as in-line deep packet inspection (DPI) and intrusion prevention systems (IPS). NGFWs can detect threats in seconds, providing real-time visibility, and they can be deployed on-premises, in cloud networks, or via a hybrid approach.
Other security technologies and best practices include:
- Endpoint Detection and Response (EDR): The go-to technology to monitor all endpoint devices, from computers to smartphones and IoT devices. EDR can detect a cyberattack, alert, and respond with automated remediation.
- Security Information and Event Management (SIEM): SIEM systems provide a 360-degree, real-time view of an entire IT infrastructure, can scan massive amounts of data very rapidly, and alert security teams to any suspicious activity.
- Cybersecurity Training and Security Culture Programs: Employee negligence and malicious acts account for two-thirds of all cyber breaches. By integrating cybersecurity into a company's culture, making it a foundational component of an organization's policies and programs, employees of all levels and departments will be more educated against threats.
- Identity and access management: More than 90% of attacks can be prevented with the use of multi-factor authentication (MFA) and Single Sign-On (SSO).
- Cloud Security: From migration to cloud operation, the security of the cloud is a great challenge. Tightening configurations around databases, operating systems, and network access in cloud environments is key.
While this new wave of cyberattacks — taking place in the background of complex international conflicts — has created an unprecedented and urgent cybersecurity crisis, organizations and businesses can protect their data by incorporating foundational security practices.
Making informed decisions, updating tech and infrastructure, drawing up a security plan, and implementing a cybersecurity culture across the entire organization are today the best defense against cyberattacks.
-Taylor Hersom, Founder and CEO of