That's why this month, we're highlighting five urgent cyber trends and ways to mitigate them.

Trend 1: 90% of phishing websites are live for just one day

This statistic highlights a concerning aspect of cybercrime—the rapid turnover of such malicious sites complicates detection and mitigation efforts. Attackers create and dismantle phishing sites quickly, often targeting high-traffic events, like holidays or significant product launches, maximizing their chances of success in a short window. The ephemeral strategy makes traditional security measures less effective, as many detection systems rely on historical data and established patterns to identify threats. The short lifespan of these websites means they can often evade blocklist systems and other defenses before organizations even become aware of their existence. As a result, cyber security professionals face an uphill battle, requiring them to adopt more agile and proactive strategies to identify and counteract these transient threats, which can strike at any moment and vanish just as quickly.

Here are some tips from Rob Falzon, Office of the CTO at Check Point:

•     In today's digital landscape, it's not enough to hope you'll avoid a cyber attack—you must be prepared for when it happens. Implement regular phishing exercises to help employees recognize threats and build a rapid response plan to act swiftly during an attack.
•     Assume a breach will occur and ensure your team knows their role in mitigating damage. A well-prepared organization will have a clear action plan: alert the security team, disable compromised accounts, and notify users immediately.
•     Being proactive and ready can significantly reduce the impact of a cyber attack.

Trend 2: 70% of malicious files are delivered via email

Despite technological advancements and communication methods, email is a persistent communication vector for cyber-attacks. Its widespread use and the inherent trust users place in their inboxes make it a favorite for cybercriminals. Email's adaptability enables attackers to customize their messages for individual targets, significantly raising the chances that recipients will engage with the attachments. For example, they often employ social engineering tactics, creating a sense of urgency or familiarity to prompt users to act impulsively. This approach not only manipulates human behavior but also takes advantage of the fact that numerous organizations continue to use email as a critical method for exchanging files and information.

Here are some tips from Jeremy Fuchs, Office of the CTO at Check Point:

•     Emphasize security that scans files and blocks malicious content, like Content Disarm & Reconstruction (CDR). This goes beyond pure malware analysis and actually takes action to make the file safe. CDR instantly removes any executable content, before delivery, whether it is detected as malicious or not. This way, the end-user knows they are working on a safe file.
•     Practice good cyber hygiene. When dealing with files or email, it's important to always undertake good cyber security practices. This includes hovering over the sender address to make sure it matches, hovering over any links in the email, and checking for any major spelling or grammar mistakes.
•     Take a second and think, "Am I expecting a file from this person?" Think about a PDF that needs a signature. "Am I a signatory? Do I receive documents to sign often?" Taking a few moments to think through the context of the email can often help sort through what's good and what's bad.

Trend 3: On average, each organisation has suffered over 1620 weekly cyber-attacks since the start of this year, a 40% increase from 2023

The increase in cyber-attacks illustrates the heightened sophistication of cyber threats, as attackers utilize advanced methods and automation to exploit vulnerabilities. Several factors contribute to the significant rise in attack frequency, such as the widespread adoption of remote work, and the increasing use of partners which has expanded the potential attack surface for organizations. Cybercriminals exploit emerging security weaknesses as employees access sensitive systems from diverse locations. Furthermore, the ongoing prevalence of ransomware and other profit-driven attacks fuels this growth, with attackers eager to exploit any available opportunity for financial gain.

Here are some tips from Pete Nicoletti, Global CISO at Check Point:

•     It's not just the increased volume of attacks we are seeing, but the dwell time is dramatically shrinking from initial exploitation to data exfiltration, from weeks to seconds. Human reaction time is not fast enough any longer and AI-driven prevention and automated response is the only way to reduce this trend.     
•     Your tools must work together and reduce the MTTR (Mean Time to Resolve). Look into Check Point Playblocks for out of the box automation and orchestration of all your tools, no matter the vendor.
•     Automate preventative responses to threats found with EASM. It is no longer good enough to wait for threats to arrive and knock on your door. With EASM, you will be aware of external threats and have defenses proactively prepared.

Trend 4: Cybercriminals have published details of over 3,500 successful ransomware attacks on businesses so far this year

Cybercriminals continue to use data exposure as a means of extortion. One explanation for the trend is the emergence of ransomware-as-a-service (RaaS), which has made it easier for less skilled criminals to launch attacks and has expanded the pool of potential offenders. Cybercriminals now will use advanced techniques like double extortion, where they not only encrypt the data but also threaten to leak sensitive information if the ransom isn't paid, hence the increase in exposed data.

Here are some tips from Micki Boland, Office of the CTO at Check Point:

•     Deploy strong endpoint security for all endpoints, mobile devices and tablets, laptops, and servers and ensure zero-phishing, anti-malware, anti-ransomware and full disk encryption.
•     Ensure all mission critical and highly restricted and protected data is segmented with access control and data protection. It should be encrypted and regularly backed up, and backups tested.. This includes but is not limited to PII, PHI, financial, corporate strategy, intellectual property including software, AI and training and test data (encrypted or tokenized, masked and anonymized), employees, competitive information, customers, stakeholders, and partners, no matter where it is located: on premise, cloud or partner.
•     Deploy strong email security to protect against business email compromise (BEC), which is still the number one attack vector according to IC3, and is used by cybercriminals to further ransomware and malware attacks as well as conduct cybercriminal financial fraud.

Trend 5: On average, the education sector suffers the highest rate of cyber attacks, followed by the government and healthcare sectors.

Educational institutions, especially universities, often focus on accessibility, resulting in expansive networks that cybercriminals can easily exploit. Many users and devices can lead to weaker security practices, making them attractive targets for phishing and data breaches. Similarly, government entities are prime targets due to the sensitive information they manage, which can be exploited for financial or political gain.

Healthcare organizations encounter unique challenges as they handle vast amounts of personal data, often needing more cyber security measures. The urgency surrounding medical services can sometimes compromise security measures, increasing their susceptibility to ransomware and other attacks. The recent shift toward digital operations, accelerated by the COVID-19 pandemic, has expanded the attack surface across all sectors, providing new opportunities for cybercriminals. The prevalence of attacks in education, government, and healthcare underscores the critical need for improved cyber security strategies, comprehensive employee training, and effective incident response plans to protect vital data and ensure operational stability.

Here are some tips from Aaron Rose, Office of the CTO at Check Point

•     Assess your current cyber security posture through a Security Workshop, which evaluates existing security measures to identify weaknesses and vulnerabilities within systems and processes. By thoroughly examining the network infrastructure, software applications, hardware devices, security operations and organizational policies, you can pinpoint areas that require improvement.
•     Secure your network infrastructure by segmenting networks to limit the spread of potential breaches and adopt a prevention-first mentality (once the bad actors are inside, it's already too late). Strong access controls must be in place, adopting a zero-trust architecture will help ensure that only authorized personnel can access sensitive information.
•     Employee education plays a critical role in cyber security. Establish training programs to increase awareness about phishing, malware, and ransomware. Regular workshops, continuous learning initiatives, and simulated phishing exercises can prepare staff and students to recognize and respond appropriately to potential attacks.
•     Regular vulnerability scanning, External Attack Surface Management (EASM) solutions, and prompt patch management can address security flaws before cyber criminals exploit them. In addition, implementing multi-factor authentication is no longer a "nice to have," it's an absolute must in this age of cyber warfare.
•     Develop and regularly update incident response plans is to minimize the impact of any cyber attacks that do occur. These plans should outline specific steps for detection, containment, and recovery, and ensure clear communication channels among all stakeholders. Regular backups of critical data and ensuring quick restore and access to these backups can significantly reduce downtime in the event of an attack.

Staying Protected in a New Digital Age

This October, let's all commit to working together to prevent cyber attacks. These five trends  emphasize the critical need for organizations to enhance their cyber security protocols and cultivate a culture of awareness. Cybercriminals are adopting increasingly sophisticated methods, from swift phishing schemes to elaborate ransomware attacks, raising the stakes significantly.

Organizations should take proactive steps to significantly reduce the risk of breaches, protect sensitive data, and ensure the continuity of essential services. Proactive (vs. reactive) cyber security efforts not only safeguard sensitive data but also maintain the trust of those they serve. By staying informed about these trends and adopting proactive measures, organizations can fortify their defenses against potential threats, while building cyber resilience.