National Cybersecurity Awareness Month: The Top Cyber Treats of 2021 and How CREG Systems can Help

By Courtney Rosario on October 25th, 2021 | Tags:

It’s October, which means it is time for pumpkin patches, apple picking, cold weather, and more! October is also National Cybersecurity Awareness Month, which was launched in 2004 by the National Cyber Security Alliance and the U.S. Department of Homeland Security. 

What is National Cybersecurity Awareness Month?

When Cybersecurity Awareness Month began, the awareness efforts centered around advice like updating your antivirus software twice a year to mirror similar efforts around changing batteries in smoke alarms during daylight saving time. Over the years, National Cybersecurity Month has developed to change with technology. 

According to reports, the most common tactics hackers use to carry out ransomware attacks are email phishing campaigns, RDP vulnerabilities, and software vulnerabilities, and the total ransomware costs are projected to exceed $20 billion in 2021. However, CREG Systems is Northern New York’s most trusted and experienced resource that is prepared to prevent ransomware attacks on your business. 

What are the Top Cyber Threats of 2021?

We at CREG Systems seek to educate the public about how to maintain their network health. We do so by providing educational materials, like this article. We also assess your network and provide recommendations and services that will strengthen your security. Contact us today to protect your data. Meanwhile, here are some common threats that CREG Systems recommends you watch out for:

  • Phishing
    • Phishing is one of the most common types of cyberattacks, mainly because it is often an effective technique for gaining access to an organization’s network and systems. It’s usually easier to trick an employee into handing over sensitive data (like login credentials) or running a piece of malware on a company computer than to accomplish these goals through other means.
  • Double-Extortion Ransomware
    • Ransomware has been a growing threat in recent years. Several high-profile attacks demonstrated that ransomware was profitable, driving a rapid increase in cybercrime groups operating this malware. On average, ransomware claims a new victim every ten seconds worldwide. Ransomware cost businesses around $20 billion in 2020, an increase of 75% over the previous year.
    • Another recent trend is the “double extortion” ransomware campaign. Instead of simply encrypting files and demanding a ransom for their recovery, ransomware groups now steal sensitive and valuable data from their victims as well. If the target organization does not pay the ransom, this data is posted online or sold to the highest bidder.
  • Remote Work Exploitation

In 2020, the COVID-19 pandemic forced businesses to pivot quickly to a remote workforce.  In a short time, companies with no existing telework programs had to adapt and update their infrastructure to allow employees to work from home.  However, the rush to stand up remote work programs left security gaps that are exploited by cybercriminals. In 2021, companies continue to face new security threats made possible by widespread telework, including:

  • The exploitation of Remote Access Solutions:
    • Employees working from home need access to the corporate network. As a result, the use of virtual private networks (VPNs) and the remote desktop protocol (RDP) has exploded during the pandemic. Cybercriminals have taken advantage of this, exploiting poor password security and VPN vulnerabilities to access corporate networks, steal data, and plant ransomware.
    • Thread Hijacking Attacks:
      • In a thread hijacking attack, an attacker with access to an employee’s email or other messaging accounts will respond to an existing conversation. These responses will contain malicious attachments or links to phishing sites and are designed to expand the attacker’s access within an enterprise network. With the rise of remote work, the frequency and success rate of these attacks has grown as employees increasingly communicate using alternative platforms and cybercriminals are more successful at gaining access to email accounts.
    • Vulnerable and Compromised Endpoints:
      • With remote work, employees are working outside the corporate perimeter as well as the cyber defenses deployed there. Additionally, these devices are less likely to be up-to-date on patches and compliant with corporate policy. As a result, they are easy targets for exploitation by cybercriminals.

How can CREG Systems help?

CREG Systems ensures that the data you share and store is secure and protected, which pledges efficient operation and credibility to your organization. Our certified and highly-trained staff will meet your needs and plan a security system roll-out strategy that best fits your goals.

  • Hardware & Software
    • Keep your data safe by using the most up-to-date security software and hardware.  Make sure you are secured through NEXTGEN firewalls, use sandboxing for extra protection, and ensure you have a defense at the gate.
  • Multi-level Protection
    • From your desktop to the firewall, each device in your organization should have segmented and multi-layered protection. Usually, you can stop a data breach before it threatens your vital information.
  • Insider threats
    • While many organizations have multi-layer security systems and data protection in place, there could still be other risks to consider. Former employees can be a threat to your cybersecurity.  Be sure to remove any access they may have and their data as soon as they leave the organization.  Be sure to teach employees about the importance of security and have regular testing to ensure your data is secure.
  • Good Cyber Habits
    • Be sure to keep your information backed up but, never keep your backups online.  Be sure to keep your systems updated and double-check apps to determine if they are corrupt or not. Limit access privileges and use two-factor authentication.  Preventing cyber threats is better than curing them.

Our staff are trained and certified as Certified Information Security System Professional (CISSP), Certified Ethical Hacker, and Certified Wireless Network Administrator and holds CompTIA A+, CompTIA Network+, CompTIA Security+, Windows Server, and Microsoft Exchange certificates. In conclusion, our staff is the best equipped to deliver you the best cybersecurity in the North Country.