Cetrom Support fixed all of my problems, their engineers are very professional, courteous, friendly and very efficient. If all customer service out there was like this, it would be a better world...- Mid-sized
We all will remember the year 2020 for as long as we live. It brought the worst pandemic in 100 years and a massive shock to our global systems. COVID-19 prompted a surge in working from home, and as of the end of 2020, an estimated 20% of workers are working exclusively from home. Even more workers are working part of their time at home. In addition to their traditional strategies and crimes, hackers are now capitalizing on uncertainty surrounding COVID-19 as well as working from home to expand their cyber weapon arsenal. There are several threats security professionals should prepare for in 2021, and fortunately, security teams have a variety of tools at their disposal to combat these threats.
The increase in teleworking and working from home will be a serious challenge for security professionals in 2021. Laptops and home-based internet connections don’t have the strong security controls that most are used to. With a business’ network spread widely over less secure laptops and connections, there is more opportunity for hackers to target the weak spots and for employees to make a mistake. All it takes is opening email links, connecting to the wrong wi-fi, or forgetting a critical security measure for a whole system to be compromised.
Additionally, hackers are capitalizing on COVID-19 to increase and improve their phishing scams. More cyber attacks are being perpetrated through the phishing scams related to healthcare, Medicare benefits, and government relief payments. Some hackers are using the guise of being a charitable organization attempting to raise money for COVID-19 aid.
What’s more, 2021 may bring an escalation to the “digital cold war”. In late 2020, the world learned that the firm SolarWinds was the subject of a cyberattack (most likely by Russians) that specifically targeted their system to manage IT resources. This case is particularly significant for a couple reasons. For one, this attack targeted a private firm with the intention of spying on their clients (including Government agencies and large corporations) and not entirely SolarWinds itself. The hackers entered their system through compromised software updates, and the IT security team unwittingly helped the attack succeed. Unlike many attacks seeking money and assets, this attack may have been primarily focused on obtaining national defense and industry secrets for nation-states. Security threats in 2021 may continue to go beyond simple cash grabs as nation-state sponsored attacks attempt to get intellectual property. This attack was disturbing because it did not target defense and other government contractors specifically, but rather a secondary company who served them. American firms in particular should take special notice of this threat in 2021as a new presidential administration takes office.
Another emerging threat in 2021 include deepfake audio and video as this technology continues to improve. Deepfakes are media clips that have been manipulated using artificial intelligence to look nearly identical to the real thing. These fakes are especially concerning for companies with CEOs who produce a lot of media content that could be manipulated. As a cyberthreat, deepfakes would most likely be used as part of a phishing scam with the intention of extracting money and information from that firm. Even with the rise of deepfakes, the overwhelming majority of cyberattacks will use traditional technology like phone calls and emails where the hackers impersonates someone else like a company employee, government representative, or relative.
Cloud jacking is becoming another common strategy used by cybercriminals. Cloud computing enables companies to quickly expand and retract the amount of computing power and storage they need. Cloud computing offers real benefits, but it’s also presents an opportunity for hackers. Enter cloud jacking or cloud hijacking. Cloud jacking often centers on misconfigurations in cloud computing settings. This can lead to large data breaches that expose company data on the cloud to the world.
Other novel potential cyberthreats in 2021 include social media disinformation, viruses targeting the IoT (Internet of Things), as well as attacks on the emerging technology of 5G. Some experts are even worried that quantum computers could become serious cyber threats if hackers are able to get their hands on computers powerful enough to break encryption keys. Some of these threats may be overblown, while others could be underestimated. Regardless of the specific emerging threat, 2021 will see cybercriminals continue to expand their arsenal for attacks. In 2021 and beyond, hackers will capitalize on any opportunity they can and it’s only a matter of time before the threats described above become commonplace. As the general working public’s use of technology continues to change (like working from home, IoT, and cloud computing) and becomes more commonplace, cybercriminals will find new ways to exploit the increased use of this technology.
2021 will surely see innovative, cunning hackers develop new ways to capitalize on changing society and emerging technology. However, cybercriminals will also stay with their tried-and-true approaches, even while continuing to improve them. Phishing and ransomware attacks will remain substantial threats in 2021. Phishing attacks will continue and will use the newest information and potentially even deepfake technology to make them even more believable. Hackers will also expand their ransomware threats, and just like real viruses, cyber-viruses are constantly changing and adapting to become more effective. Ransomware attacks are predicted to cost businesses over $20 billion in 2021 and over 91% of those attacks are initiated by a phishing email. Even as new cybersecurity threats emerge in 2021, the majority of cyberattacks are expected to continue through traditional means.
New threats in 2021 are becoming more sophisticated and continue to challenge even the best security professionals. Adding to the cybersecurity industry’s challenge is the fact that an estimated 3.5 million cybersecurity jobs will be available but unfilled in 2021. Complicating matters even further is the fact that the majority of the people applying for those unfilled jobs are not qualified, and are instead being trained to operate artificial intelligence security software to do most of the heavy lifting.
This gap between security need and competent cybersecurity professionals continues to grow and is creating a significant threat in its own right. This lack of cyber experts means that many security teams are understaffed and under gunned. And to compound this problem further, competent security professionals are often over worked and their high demand means that the best are lured away by lucrative offers elsewhere. One of the biggest cybersecurity threats in 2021 may be that there are simply not enough guards on watch duty to prevent even the most basic of attacks.
Whether it's through a “digital cold war”, increased working from home, deepfakes, or cloud jacking, 2021 will surely bring innovative threats and persistence that will challenge cybersecurity experts. It’s a constant struggle to stay ahead of new attacks, but to prevent the most sophisticated attacks firms will likely need premier state-of-the-art technology combined with leading security professionals. Ironically, some of the worst cyber-attacks originate as very basic schemes. One of the best ways to prevent cyberattacks is through traditional, simple security measures.
Firms can do well preventing an attack through two relatively easy strategies – cybersecurity training for all employees and stress-testing their current capabilities.
One of the most cost-effective security strategies is simply to train employees about common threats and how to prevent them. After all, even sophisticated security software is less effective, or completely ineffective, if an employee unwittingly grants the hackers access. And despite its simplicity, only 45% of companies have mandatory cybersecurity training. Training should educate staff to be highly skeptical of email links, to use secure systems and safety protocols anytime they are working from home, never using USB drives, using only legitimate websites, and complying with the company’s acceptable use policy. A recent cybersecurity report showed that 95% of security breaches are caused by human error. As such, hackers rely on mistakes to succeed and employees need to be extremely careful to not make those mistakes. Some cybersecurity training will need to be more in-depth and industry specific, but the majority of attacks can be prevented if employees don’t make critical mistakes.
Additionally, have security teams run drills and scenarios that first test employee’s with a simulated phishing scheme and then secondly simulate the steps needed in the event of a major security breach. The best way to minimize the damage of any attack is to know exactly what steps are needed to prevent the spread and be sure the whole team understands how to react accordingly. Top security teams, like top athletic teams, practice and drill with simulations so they are comfortable if and when the real thing happens. Maybe just don’t promise employees holiday bonuses as part of the phishing test.
2021 is going to bring novel cybersecurity threats. Their exact nature is unclear, but hacker could capitalize on the increase in working from home and COVID-19 while employing strategies focused on cyber-espionage, cloud jacking, deep fakes, and even cloud and quantum computing. Even as these threats develop, cybercriminals will keep using improved, yet traditional, phishing and ransomware attacks. And the cyberthreats are all occurring even as the cybersecurity field remains understaffed. In order to respond to the threats in 2021, cybersecurity professionals will need to focus on training staff and running threat assessments as they try to stay one step ahead.
Reach out to us. We’d love to learn more about your IT needs and challenges. Your security is Cetrom’s #1 priority.
Cetrom Support fixed all of my problems, their engineers are very professional, courteous, friendly and very efficient. If all customer service out there was like...- Mid-sized