In today’s digital landscape, where cyber threats lurk at every corner, businesses face the daunting task of defending against increasingly sophisticated attacks. According to the 2024 Comcast Business Cybersecurity Threat Report, there’s been a marked increase in the frequency and complexity of attacks, particularly in phishing, ransomware and the exploitation of public-facing applications.
The landscape is expanding with each passing year, making it easier for attackers to exploit a growing number of security flaws in common business software applications. In fact, Comcast Business observed a staggering 29 billion cybersecurity events across its pool of security customers in 2023 – an increase from the 23.5 billion events detected in 2022.
This Cybersecurity Awareness Month, here are three things every organization, regardless of size, should know about protecting against cyber breaches.
1. Despite advancements in tech, phishing reigns supreme
Phishing remains the most significant method for initial access, with over 2.6 billion interactions detected by Comcast Business. Phishing is leveraged not only to trick users into revealing sensitive information but has also become a major delivery mechanism for various malware strains. Based on analysis of activity on Comcast Business services, over 90% of the phishing interactions blocked were designed to lead victims to sites hosting malware.
After all, it’s cheap, flexible, easy to deploy and highly successful. By exploiting human nature, attackers gain the initial access needed to infiltrate further into the network. And that’s when the problem gets even bigger. After successfully gaining initial access, attackers stay hidden and compromise domain servers and databases, from which they harvest vast amounts of credentials and other confidential information.
The trend underscores the need for robust anti-phishing technologies, comprehensive user education programs, and email gateway platforms to mitigate an increasingly pervasive threat.
2. Credential dumping is a prominent threat
Credential dumping incidents have become more prevalent. In 2023 alone, Comcast Business observed 295 million events where attackers attempted to steal and manipulate authentication credentials. One of the biggest challenges arises when an adversary acquires “legitimate credentials.” Such credentials allow attackers not only to authenticate into systems but also to bypass security measures, escalate privileges and conduct harmful activities unchecked.
Effective countermeasures include implementing multi-factor authentication, continuous monitoring for anomalous authentication activities, and regular audits of credential usage.
3. A proactive approach is essential for effective cybersecurity
In a world filled with uncertainties, it’s crucial to concentrate on the elements within your control. Technology teams benefit most from an integrated combination of robust security solutions that provide comprehensive protection. This setup should include managed security services from a reliable provider to enhance or supplement the capabilities of internal teams. These strategies are essential not just for preventing unauthorized network access, but also for actively detecting and neutralizing threats should they penetrate your defenses.
David Egan is the vice president of Comcast Business for Comcast’s Freedom Region, which serves Greater Philadelphia, New Jersey, New York and Northern Delaware.