IT threats: recent developments and implications

Threats posed to IT systems are evolving quickly and if adequate defensive measures are not put in place, they risk causing considerable damage. The fact that there was a peak in digital attacks in 2020 is largely due to the huge increase in remote working.

As a result of the Covid-19 pandemic and the consequent lockdowns imposed, many companies have turned to remote working as a solution. This choice has, however, opened the doors to cyber criminals who, thanks to the current situation, have found themselves in an ideal position to launch wide ranging cyber-attacks with greater ease than ever before.

Remote working is the prime target

Breaching a well-protected company network which is supported by team of IT specialists who test and check its defences daily is quite a challenge even for the best hackers. However, now that employees are obliged to use their domestic network to access company systems, the hackers’ chances of success have dramatically increased.

It is much easier for cyber criminals to launch an attack on an ordinary domestic router or modem, as they can take advantage of most people’s lack of awareness of the risks regarding web use and the low levels of protection typically found on such systems.

The use of personal devices lacking adequate security protection for remote working can create a serious risk to company security. Smartphones, tablets, PCs or laptops, which are rarely equipped with efficient antivirus software or up-to-date data encryption facilities, can provide a perfect entry point for any criminally minded individual.

Generally speaking, the hacker’s main objective is not the individual employee but rather to use them as a way to obtain access to the company network, in order to get round the protective measures put in place by the company’s cyber security team more easily.

The evolution of IT security threats

Nowadays, even the least tech-savvy employee is generally aware of how malicious emails or messages work and knows not to install suspicious files or click on unknown links. Despite this, phishing remains one of the greatest threats to company IT systems and the worrying aspect is that the strategies used to implement it continue to evolve.

Hackers have adapted this strategy of attack so as to make the messages they send look completely convincing.  This has become possible thanks to the use of sophisticated resources and technologies such as Artificial Intelligence and Machine Learning.

Two recent Covid-19 related phishing scams have proved among the most lucrative for the hackers: the first offers to supply difficult to come by personal protective equipment, while the second offers support for remote workers, while posing as the official helpdesk of the company where they work or a firm whose services they use.

These messages work by acting as a vehicle for dangerous software to be introduced into the target device, with the aim of taking control of it or stealing login credentials. As well as the usual viruses and Trojans or Rats, one of the most dangerous threats is ransomware, which caused innumerable financial losses to companies in almost every sector during 2020.

The year 2021 is set to be a particularly intense one for IT security experts, who will have to re-think company protection systems completely, bearing in mind the ongoing emergence of new IT threats.

The increased use of the IoT in domestic settings has complicated the job of IT security experts considerably; better training of remote workers and the adoption of secure devices provided directly by employers are now required.

Translated by Joanne Beckwith