By Guy Warren, CEO, ITRS Group
In 2021, businesses have relied on their online services more than ever: a post-COVID landscape has normalised employees working from home across industries, and caused online shopping, services and interactions to proliferate. This has brought a range of benefits, from increased efficiencies to reduced overheads to an acceleration of digital transformation.
But it has also created significant complexities – not least of which is increased cybersecurity risk. Work from home policies exposed all and any vulnerabilities and weaknesses in organisations’ security networks. With both regulatory and consumer tolerance for such failures dramatically waning, most firms simply cannot afford the cost or reputational damage associated with cyberattacks.
With this in mind, firms must understand the most prevalent cybersecurity risks facing them today – and, even more importantly, how to mitigate and address these risks, both today and in the future.
A risky landscape
One of the primary cyber risks facing companies today is undoubtedly trojan horses. While data hacks on firewalls are less common, trojan horses – software installed inside data centres which grants bad actors access to entire platforms, allowing them to access and impersonate users and accounts, access system files, and blend in with legitimate activity without detection, even by antivirus software – are on the rise.
The attack on SolarWinds in late 2020 used this method and was one of the largest cybersecurity breaches of the 21st century.
What’s more, while SolarWinds was the largest attack we have seen to date, there will inevitably be others currently using this technique that have not yet been discovered.
Trojan horses have code embedded into the application which then ‘calls home’ and lets the bad actors in. From here, the opportunities are endless – they can run malicious software, steal information, and intercept communication.
There is a range of tools on the market that can help either prevent or identify attacks immediately so they can be addressed before major damage is done. These range from software that can identify more basic cyber-attacks, such as phishing scams, to estate monitoring tools and vulnerability management systems that offer continuous monitoring of systems to alert companies in almost real-time if irregularities are identified.
The last 18 months have seen many firms rapidly move to insecure work-from-home systems, combine cloud and physical premises, and spread their estates over numerous new third-party providers with a view to slimming down their business models through outsourcing.
The result has been new silos and operational blind spots and weaknesses – which, if firms aren’t careful, can leave them vulnerable to cyberattacks. Being able to spot these irregularities as quickly as possible can significantly minimise the depth and breadth of cyberattacks.
Looking to the future of the cyber risks landscape, trojan horses are, in our opinion, the most significant risk that firms are facing. Trojan horse hacking is currently the most effective tool that cybercriminals have at their disposal – they are often unidentifiable by even the more sophisticated technologies today, and expose all users of that software, rather than having to penetrate users on an individual basis.
As a result, it is likely that this type of cyber risk will proliferate in the coming years – both in frequency and sophistication.