Cybersecurity Threats of 2021
While medical experts have long been predicting another pandemic, COVID-19 still came as quite a surprise. Few could have anticipated the nearly immediate global impact and company-wide and industry-wide lockdowns that followed. Overnight, projects and initiatives were put on hold as employees and IT teams focused on redirecting all workflows through remote access, while also ensuring that security remained a top priority.
Naturally, hackers tried to take advantage of this shift in the workforce. According to a recent survey by Opinion Matters, IT cybersecurity leaders have noticed a distinct uptick in cyber hackers, with 90% of these groups experiencing an increase in cyberattacks during the past year. In the preceding year (12 months), almost all groups (94%) suffered from a data breach of some kind.
In the DevSecOps community, we’re already preparing for the potential cyber threats that are imminent in 2021. With constantly evolving threats and new technologies, your cybersecurity plan may need to be adjusted. And with the ongoing coronavirus and the continued reliance on the remote workforce, there are bound to be some cybersecurity threats that we have not seen before.
To be most prepared, consider the following cybersecurity threats for 2021:
Cybersecurity Threats of 2021
Pandemic-related Phishing Attacks
Hackers are using the pandemic as an entry point to hack into, gain access to, and wreak havoc on our personal lives and professional businesses. From phony IRS emails to fake COVID-19 related inspections, hackers are exploiting our fears and concerns about this devastating virus to their own advantage.
Phishing scams related to the pandemic might come from an email or phone call, but the goal is to get the individual to click on a malicious link or provide sensitive information. To protect against this kind of cyber attack, individuals need to be informed.
Businesses should educate employees as to the common characteristics of these types of attacks. Typically, these emails might appear to be sent by a familiar email address. So, if there is a common phishing attack, inform employees of specific emails that might come through and provide examples of anomalies they should be looking for. You can also consider integrating employee monitoring software into a comprehensive cybersecurity plan to protect against phishing attacks.
Faster Ransomware Attacks
In general, ransomware attacks navigate a system quickly and take advantage of a loophole or error. Due to advances in technology, these attacks are becoming more prevalent and happening more frequently.
According to Cybersecurity Ventures, in 2021 we can expect to see a business fall victim to a ransomware attack every 11 seconds, which is an increase from 2019 when ransomware attacks occurred every 14 seconds. With the cost of ransomware attacks at over $20 billion globally, it’s no surprise that businesses are on their toes to try to prevent a ransomware attack.
Unfortunately, there is no way to predict when a ransomware attack will occur. Perimeter-based security defenses on internet access, like firewalls and anti-virus software, while required, will not protect your company against ransomware.
Seek more advanced security defenses and practice cybersecurity hygiene, such as employee training, updating endpoint software, and data backup. Consider implementing zero trust or least privileges controls and adopting employee monitoring to detect errant behaviors and for insider threat protection.
Increasing Attacks on Personal Devices Now Being Used for Work
Based on the rise of remote work and the patchwork system that was necessary to make the sudden shift to remote work possible, there are understandably many areas where IT and cybersecurity threat protection was (and continues to be) lacking.
With employees accessing secure company data through their personal devices and networks, businesses have less control over how much of this technology operates and the security measures protecting the company data. Employees might also be using the Internet of Things (IoT). IoT devices might increase the threat landscape since it allows for additional breach endpoints for sensitive data to be accessed through and extracted.
Hackers might gain access through a personal internet connection (router/modem) or by accessing personal devices through employees’ private emails and social media accounts.
Cloud Breaches Due to Cloud Misconfigurations
With more remote work being required due to social distancing and expanding globalization in the workforce, cloud services are becoming far more prevalent. With cloud services come more emerging threats for cybersecurity.
If your business is not prepared for using cloud services as critical infrastructure, then this could be a ticking time bomb. Risk is increased with cloud misconfigurations and how the cloud is accessed and controlled. Additionally, the cloud is the newest technology normalized in business use, so there are bound to be murky areas and parts of the cloud network that are not yet fully secured,
A cybercriminal might easily target cloud infrastructure based on the number of high-profile businesses that use the service. Cloud breaches can also be vulnerable to a social engineering attack. If you use cloud services, be sure to tighten up your privilege access, backup your data, and require two-factor authentication.
Updated “Nigerian Prince” Scam – Government Agencies
The Nigerian Prince scam is a classic crook scam where a caller or emailer pretends to be royalty and promises to send money to a bank account, so long as the user provides banking details. While the Nigerian Prince scam might not be as prevalent, it’s cousin – government agencies – is on the rise.
In the updated version of the scam, the malicious attacker pretends to be a government agency like the U.S. government or IRS and claims to be sending out stimulus checks. Protecting against this scam requires training; employees should always be educated on government best practices.
Chances are the U.S. government does not email or send telephone messages, and employees are encouraged to only access government websites for stimulus checks. Educate employees based on updated scams so that cybersecurity threats can be avoided.
Preparing Your Cybersecurity for 2021
The good news is that while cybersecurity threats are constantly increasing and evolving, this is something that we can prepare for. No cyber attack listed above is particularly new or something that we have never seen before.
No matter what the status of the virus in the next year, prepare your business to be working both in-house and remotely. If you don’t have an IT department, hire reliable third-party cybersecurity professionals so that your company data is continually monitored and updated.
Each facet of your business should prepare for a cyber threat with standards of cybersecurity and security measures. Cybercrime attacks can reach any business from multiple endpoints and each can be devastating. Your business should work with software, cybersecurity professionals, and IT professionals to develop a cybersecurity plan as well as use artificial intelligence (AI) to make more intelligent cybersecurity predictions.
Be sure to develop a cybersecurity incident plan so that your business is prepared to mitigate an attack once (or if) it occurs. The business cybersecurity incident plan should account for data backups, business stoppages, and contingency plans.
Adopt firewalls, anti-virus software, malware attack protection, privilege access, and employee monitoring software. You should require multi-factor authentication with all your employees and have them regularly change their passwords.
By SoftActivity Team