Consequently, Symantec says email remains a significant attack vector for cybercriminals, but they continue to experiment with new attack methods across mobile devices and social networks to reach more people, with less effort.
“Cybercriminals are inherently lazy; they prefer automated tools and the help of unwitting consumers to do their dirty work,” Haley adds.
“Last year, 70 percent of social media scams were shared manually, as attackers took advantage of people’s willingness to trust content shared by their friends.”
While social media scams can provide cybercriminals with quick cash, some rely on more lucrative and aggressive attack methods like ransomware, which rose 113 percent last year.
Notably, there were 45 times more victims of crypto-ransomware attacks than in 2013. Instead of pretending to be law enforcement seeking a fine for stolen content, as we’ve seen with traditional ransomware, the more vicious crypto-ransomware attack style holds a victim’s files, photos and other digital content hostage without masking the attacker’s intention.
As attackers persist and evolve, Haley believes there are many steps businesses and consumers can take to protect themselves.
As a starting point, Symantec recommends the following best practices for businesses:
Don’t get caught flat-footed: Use advanced threat intelligence solutions to help you find indicators of compromise and respond faster to incidents.
Employ a strong security posture: Implement multi-layered endpoint security, network security, encryption, strong authentication and reputation-based technologies.
Partner with a managed security service provider to extend your IT team.
Prepare for the worst: Incident management ensures your security framework is optimised, measureable and repeatable, and that lessons learned improve your security posture.
Consider adding a retainer with a third-party expert to help manage crises.
Provide ongoing education and training: Establish guidelines and company policies and procedures for protecting sensitive data on personal and corporate devices.
Regularly assess internal investigation teams—and run practice drills—to ensure you have the skills necessary to effectively combat cyber threats.