On June 28, 2022, the Baton Rouge General Medical Center in Louisiana lost its electronic medical record and patient system to a cyberattack. WAFB9 reported that the organization switched to “old-fashioned paper” healthcare to avoid a complete collapse of its medical services.

24 hours earlier, on June 27, in Tennessee, Geographic Solutions Inc. — a workforce and unemployment benefit provider — was taken offline. The Washington Post reported that more than 12,000 residents of Tennessee did not receive unemployment payments due to the attack. On June 27, Macmillan Publishers in New York was forced offline by a ransomware attack. On June 14, in El Paso, Texas, the operations of an automotive supplier were disrupted. On June 11, Guadalupe County in Texas reported a network breach, and the same day Rhode Island’s Newport municipal government servers went down.

These cyberattacks have now shifted from targeting public utilities and infrastructure to targeting all industries and sectors. The Cybersecurity and Infrastructure Security Agency (CISA) says that there is one cyberattack every 39 seconds, and 43% target small businesses. Against the backdrop of international conflict — the ongoing Russian invasion of Ukraine and U.S. tensions with Iran, China, and North Korea — and the extensive network of transnational cybercriminal organizations, the risks of cyberattacks have increased to crisis levels.

However, Russian-linked attacks are far from being the only threat. The February 2022 Annual Threat Assessment of the U.S. Intelligence Community, from the Office of the Director of National Intelligence (DNI), warns that China, Iran, North Korea, South Asia, transnational organized crime, illicit drug cartels, and terrorist, money laundering, and cybercrime organizations are also a threat to American organizations.

The most used tactics and trends in 2022 include phishing and ransomware. Faced with improved security posture from the organizations they're targeting, cybercriminals are increasingly turning to phishing attacks, where they look for the weakest point of entry: the organization's workers or their third-party partners.

In phishing campaigns, attackers mimic official organizations utilizing email, phone calls, SMS, and online mechanisms to trick users into giving out sensitive information or downloading malware.

Ransomware is another global trend where malicious actors take control of an organization's system or sensitive data, often forcing a shutdown of company operations. To combat this risk, it's advisable to have an updated disaster recovery plan (DRP), back up your data, and never pay the ransom should an attack be successful.

“Every time a ransom is paid, it confirms the viability and financial attractiveness of the ransomware criminal business model,” CISA says.

Ransomware attacks are also becoming more aggressive, with trends revealing attacks that destroy data instead of encrypting it. Cybercriminal services-for-hire have transformed ransomware into a professional market, CISA says.

Other common mechanisms for attack include:

Counter-disruptive cybersecurity: How to protect your organization

At today’s intense rate of attacks, it is not a matter of “if” but of “when” an attack will happen. Therefore, the best defense is the fortification of the security ecosystems and a proactive approach.

Incident response plans (IRPs) and disaster recovery plans (DRPs) are of paramount importance, allowing organizations the opportunity to rapidly detect, isolate, respond, and manage an attack and also quickly restore and recover. These systems register incidents and can be used to learn more about attacks.

Off-grid backups and encryption are key for an incident response plan because, with them, organizations can restore their environment without the need to pay the ransom to recover the data.

To detect breaches, leading organizations use next-generation firewalls (NGFWs). They combine the features of traditional firewalls with other security technology such as in-line deep packet inspection (DPI) and intrusion prevention systems (IPS). NGFWs can detect threats in seconds, providing real-time visibility, and they can be deployed on-premises, in cloud networks, or via a hybrid approach.

Other security technologies and best practices include:

While this new wave of cyberattacks — taking place against the backdrop of complex international conflicts — has created an unprecedented and urgent cybersecurity crisis, organizations and businesses can protect their data by incorporating foundational security practices.

Making informed decisions, updating tech and infrastructure, drawing up a security plan, and implementing a cybersecurity culture across the entire organization are today the best defense against cyberattacks.

-Taylor Hersom, Founder and CEO of Eden Data