We’ve taken a look at the security threats that we are still facing in 2021.
The pandemic threw many companies into disarray as they had a complete lack of operational infrastructure to support remote working. As we come out of the pandemic, many companies have realised the benefits of their teams working from home and are either offering fully remote working or at least a combination of office and remote working as a balance.
However, gaps in businesses IT infrastructure created the perfect scenario for cyber criminals to exploit and infiltrate companies and obtain their data.
Exploiting remote access solutions such as VPN (Virtual Private Networks) and RDP (Remote Desktop Protocol) with poor password security and VPN vulnerabilities., have given rise to stolen data and ransomware planted.
Also, Cyber attackers have been able to access an employee’s email or other messaging account and respond to existing conversations. This is called Thread Hijacking Attacks. The responses Cyber attackers make on your behalf contain links to phishing sites or malicious attachments so that the attacker can expand their access to your network. These kinds of attacks have risen considerably particularly as employees increasingly communicate via alternative platforms.
Remote working has also increased attacks as a result of company devices being outside the perimeter of your cyber defences. These are known as vulnerable and compromised endpoints. This will continue to remain a problem so long as remote working continues and devices that are less likely to be up to date on patches nor compliant with your company policy, remain an easy target for cyber criminals.
The criminals are still phishing.
This is the most effective form of cyberattacks because it is easy to gain access to your networks and systems through this method. By tricking an employee into handing over sensitive data such as login credentials to run malicious malware on a company computer is far easier to accomplish than through other means. Phishing will continue to be a long-term problem for us beyond 2021
If your business has adopted Zoom or Slack for example, and if your cyber security training has focused on email attacks, then your teams do not acknowledge the threat posed by these platforms. Your employees often think of Zoom as only being accessible by legitimate users, which is not the case. As a result, an increase on cyber-attacks on these platforms has been as a result of a lack of acknowledgement of the danger these platforms pose your business.
The adoption of the cloud
The Cloud has provided the flexibility, scalability and accessibility that we all needed for a remote workforce in the pandemic.
However, whilst many businesses adopted the Cloud technology, the security that was needed for it, was severely lacking. Compared to an on-premises solutions, the cloud poses different security issues and many businesses did not comprehend the severity of potential attacks posed by being in the cloud, leaving their teams compromised and their business at risk.
Cloud Security is a must particularly if you are using multiple vendors to fulfil your operational needs. Gartner predicts that 99% of cloud security incidents through to 2025 will be the customer’s fault.
Extorted not once but twice by Ransomware
In recent years, Ransomware has grown in threat. There have been several high-profile attacks and this rapid increase has proven very profitable for the cyber criminals. On average a new victim of ransomware occurs every 10 seconds worldwide costing businesses $20 billion in 2020 increasing 75% on the previous year.
Also, unbelievably, Ransomware as a Service (RaaS) has increased significantly, allowing operators of this service to provide less capable security threat attackers the opportunity to obtain high-quality malware.
The double extortion method steals sensitive data as well as encrypting files and demanding money for their release. If the ransom is not paid, then it is posted online and sold to the highest bidder.
Mobile devices are a new focus
Bring your own devices (BYOD) has been increasing with businesses as it was acknowledged that people may feel more comfortable using their own tech.
However, using personal devices for company work posses a whole new cyber security risk to your business. These devices can be targeted exceedingly well by cyber attackers as the security on personal devices is not as sophisticated as that of your own business.
With a lack of cyber security awareness as well, it is obvious that an increase of malicious mobile applications has increased as well. 46% of companies reports that at least one employee has accidentally downloaded a malicious mobile application.
Sophistication in the Cyber threat environment
Cyber attackers are forever developing new techniques to attacks businesses and as one avenue is blocked then another is created by criminals to overcome the defence implemented.
Many businesses have outdated security patches that leave them exposed to the new ways that cyber criminals infiltrate their businesses. Generation V Cyber-attacks for example which include large scale multi-vector attacks across and entire industry or business. Leaks of advances hacking tools provide the solutions the criminals need to infiltrate your business.
Zero-Day Attacks
These attacks are exceedingly damaging to your business as your known cyber defences are useless against them.
In essence Zero-Day attacks look for a vulnerability to be exploited before a patch is accessible or has been deployed. These kinds of cyber-attacks are increasing significantly with over 23,000 discovered each year. Your business is unable to apply patches of updates quick enough for these meaning your weak spots in your cyber security are left open for longer.
So how do you mange your Cyber threat landscape in 2021?
2020 meant that the world had to develop quickly in the tech it needed to sustain business but also highlighted what had to be done to protect it. 2021 we are facing so many cyber security challenges.
One thing is key: working with IT cyber security specialists that can identify the potential threats and gaps to your industry. The support you to implement the security and monitoring your business needs to protect your teams, your data and ultimately your business operations from threats.