December 31, 2021

Top Cybersecurity Threats to Prepare for in 2021

We all will remember the year 2020 for as long as we live. It brought the worst pandemic in 100 years and a massive shock to our global systems. COVID-19 prompted a surge in working from home, and as of the end of 2020, an estimated 20% of workers are working exclusively from home. Even more workers are working part of their time at home. In addition to their traditional strategies and crimes, hackers are now capitalizing on uncertainty surrounding COVID-19 as well as working from home to expand their cyber weapon arsenal. There are several threats security professionals should prepare for in 2021, and fortunately, security teams have a variety of tools at their disposal to combat these threats.

New Year, New Threats

The increase in teleworking and working from home will be a serious challenge for security professionals in 2021. Laptops and home-based internet connections don’t have the strong security controls that most are used to. With a business’ network spread widely over less secure laptops and connections, there is more opportunity for hackers to target the weak spots and for employees to make a mistake. All it takes is opening email links, connecting to the wrong wi-fi, or forgetting a critical security measure for a whole system to be compromised.

Additionally, hackers are capitalizing on COVID-19 to increase and improve their phishing scams. More cyber attacks are being perpetrated through the phishing scams related to healthcare, Medicare benefits, and government relief payments. Some hackers are using the guise of being a charitable organization attempting to raise money for COVID-19 aid.

What’s more, 2021 may bring an escalation to the “digital cold war”. In late 2020, the world learned that the firm SolarWinds was the subject of a cyberattack (most likely by Russians) that specifically targeted their system to manage IT resources. This case is particularly significant for a couple reasons. For one, this attack targeted a private firm with the intention of spying on their clients (including Government agencies and large corporations) and not entirely SolarWinds itself. The hackers entered their system through compromised software updates, and the IT security team unwittingly helped the attack succeed. Unlike many attacks seeking money and assets, this attack may have been primarily focused on obtaining national defense and industry secrets for nation-states. Security threats in 2021 may continue to go beyond simple cash grabs as nation-state sponsored attacks attempt to get intellectual property. This attack was disturbing because it did not target defense and other government contractors specifically, but rather a secondary company who served them. American firms in particular should take special notice of this threat in 2021as a new presidential administration takes office.

Another emerging threat in 2021 include deepfake audio and video as this technology continues to improve. Deepfakes are media clips that have been manipulated using artificial intelligence to look nearly identical to the real thing. These fakes are especially concerning for companies with CEOs who produce a lot of media content that could be manipulated. As a cyberthreat, deepfakes would most likely be used as part of a phishing scam with the intention of extracting money and information from that firm. Even with the rise of deepfakes, the overwhelming majority of cyberattacks will use traditional technology like phone calls and emails where the hackers impersonates someone else like a company employee, government representative, or relative.

Cloud jacking is becoming another common strategy used by cybercriminals. Cloud computing enables companies to quickly expand and retract the amount of computing power and storage they need. Cloud computing offers real benefits, but it’s also presents an opportunity for hackers. Enter cloud jacking or cloud hijacking. Cloud jacking often centers on misconfigurations in cloud computing settings. This can lead to large data breaches that expose company data on the cloud to the world.

Other novel potential cyberthreats in 2021 include social media disinformation, viruses targeting the IoT (Internet of Things), as well as attacks on the emerging technology of 5G. Some experts are even worried that quantum computers could become serious cyber threats if hackers are able to get their hands on computers powerful enough to break encryption keys. Some of these threats may be overblown, while others could be underestimated. Regardless of the specific emerging threat, 2021 will see cybercriminals continue to expand their arsenal for attacks. In 2021 and beyond, hackers will capitalize on any opportunity they can and it’s only a matter of time before the threats described above become commonplace. As the general working public’s use of technology continues to change (like working from home, IoT, and cloud computing) and becomes more commonplace, cybercriminals will find new ways to exploit the increased use of this technology.

Old Threats, Reimagined

2021 will surely see innovative, cunning hackers develop new ways to capitalize on changing society and emerging technology. However, cybercriminals will also stay with their tried-and-true approaches, even while continuing to improve them. Phishing and ransomware attacks will remain substantial threats in 2021. Phishing attacks will continue and will use the newest information and potentially even deepfake technology to make them even more believable. Hackers will also expand their ransomware threats, and just like real viruses, cyber-viruses are constantly changing and adapting to become more effective. Ransomware attacks are predicted to cost businesses over $20 billion in 2021 and over 91% of those attacks are initiated by a phishing email. Even as new cybersecurity threats emerge in 2021, the majority of cyberattacks are expected to continue through traditional means.

2021 Brings New Threats Combined with a Shrinking Cybersecurity Workforce

New threats in 2021 are becoming more sophisticated and continue to challenge even the best security professionals. Adding to the cybersecurity industry’s challenge is the fact that an estimated 3.5 million cybersecurity jobs will be available but unfilled in 2021. Complicating matters even further is the fact that the majority of the people applying for those unfilled jobs are not qualified, and are instead being trained to operate artificial intelligence security software to do most of the heavy lifting.

This gap between security need and competent cybersecurity professionals continues to grow and is creating a significant threat in its own right. This lack of cyber experts means that many security teams are understaffed and under gunned. And to compound this problem further, competent security professionals are often over worked and their high demand means that the best are lured away by lucrative offers elsewhere. One of the biggest cybersecurity threats in 2021 may be that there are simply not enough guards on watch duty to prevent even the most basic of attacks.

How Can You Prepare?

Whether it's through a “digital cold war”, increased working from home, deepfakes, or cloud jacking, 2021 will surely bring innovative threats and persistence that will challenge cybersecurity experts. It’s a constant struggle to stay ahead of new attacks, but to prevent the most sophisticated attacks firms will likely need premier state-of-the-art technology combined with leading security professionals. Ironically, some of the worst cyber-attacks originate as very basic schemes. One of the best ways to prevent cyberattacks is through traditional, simple security measures.

Firms can do well preventing an attack through two relatively easy strategies – cybersecurity training for all employees and stress-testing their current capabilities.
One of the most cost-effective security strategies is simply to train employees about common threats and how to prevent them. After all, even sophisticated security software is less effective, or completely ineffective, if an employee unwittingly grants the hackers access. And despite its simplicity, only 45% of companies have mandatory cybersecurity training. Training should educate staff to be highly skeptical of email links, to use secure systems and safety protocols anytime they are working from home, never using USB drives, using only legitimate websites, and complying with the company’s acceptable use policy. A recent cybersecurity report showed that 95% of security breaches are caused by human error. As such, hackers rely on mistakes to succeed and employees need to be extremely careful to not make those mistakes. Some cybersecurity training will need to be more in-depth and industry specific, but the majority of attacks can be prevented if employees don’t make critical mistakes.

Additionally, have security teams run drills and scenarios that first test employee’s with a simulated phishing scheme and then secondly simulate the steps needed in the event of a major security breach. The best way to minimize the damage of any attack is to know exactly what steps are needed to prevent the spread and be sure the whole team understands how to react accordingly. Top security teams, like top athletic teams, practice and drill with simulations so they are comfortable if and when the real thing happens. Maybe just don’t promise employees holiday bonuses as part of the phishing test.

The Bottom Line

2021 is going to bring novel cybersecurity threats. Their exact nature is unclear, but hacker could capitalize on the increase in working from home and COVID-19 while employing strategies focused on cyber-espionage, cloud jacking, deep fakes, and even cloud and quantum computing. Even as these threats develop, cybercriminals will keep using improved, yet traditional, phishing and ransomware attacks. And the cyberthreats are all occurring even as the cybersecurity field remains understaffed. In order to respond to the threats in 2021, cybersecurity professionals will need to focus on training staff and running threat assessments as they try to stay one step ahead.

Reach out to us. We’d love to learn more about your IT needs and challenges. Your security is Cetrom’s #1 priority.

Contact Us

Is Copilot An Accountant’s New Best Friend?

Creativity may not be the first trait that comes to mind when considering what happens at a CPA firm. However, accountants often find themselves in..
March 25,2024

Cetrom Support fixed all of my problems, their engineers are very professional, courteous, friendly and very efficient. If all customer service out there was like this, it would be a better world...

- Mid-sized
View All

One of the things we appreciate wholeheartedly about working with Cetrom is how great the people in the service area are and the high-level of responsiveness we have received. I’ve been very pleased..

- Mid-sized
View All

Cetrom’s services and support really stood out against the other cloud vendors. We thought their Citrix delivery platform would have a higher level of adoption because our employees would have the..

- Mid-sized
View All

Our accounting services users working in the field have greatly benefited from our migration to the cloud. They’re now able to be much more efficient while working in a client’s office because they..

- Mid-sized
View All

The decision to migrate to the cloud was one of the best business decisions Rub & Brillhart has made. It required an investment, but we have determined that our year two IT costs will be reduced by..

- Midwest
View All

Our migration process with Cetrom was very smooth and we had an excellent experience with their support during the demo process. We have 24/7 monitoring on our onsite equipment and they have the..

- Small
View All

We are extremely happy with the service and support we receive from Cetrom. Our staff is more efficient overall in our day-to-day activities and we don’t have any downtime. It’s a good feeling..

- Mid-sized
View All

Cetrom is an extremely cost-effective option for IT services. Not only do we receive significantly improved customer service, but we were also able to add a new VoIP system, better internet service,..

- Mid-sized
View All

Because we use specialized software for CPAs, we were concerned about the migration process. Cetrom’s CEO reassured us that there’s no concern because they understand how the software operates in the..

- Mid-sized
View All

We use two programs that often posed a challenge for our previous IT providers. Cetrom handled the situation professionally, coordinated with the software vendors, did all the backend testing, and..

- Mid-sized
View All

After interviewing and reviewing the proposals from various IT providers, it was really a night and day comparison about price, service, and performance—Cetrom was just outshining the others on every..

- Mid-sized
View All

I just want to drop you a line and let you know how pleased we are with our move to Cetrom. Your people knocked it out of the park for us and are doing a great job getting us up and working. On our..

- Small-sized
View All

Because we use specialized software for CPAs, we were concerned about the migration process. Cetrom’s CEO reassured us that there’s no concern because they understand how the software operates in the..

- 97%
View All

Cetrom’s Cloud Computing offers a high-quality, reliable and secure alternative to traditional IT management and provides immediate access to all my IT resources whether I’m in the office, at home or..

- High-quality,
View All

blog Archives

See all

Is Copilot An Accountant’s New Best Friend?

Creativity may not be the first trait that comes to mind when considering what happens at a CPA firm. However, accountants often find themselves in..
March 25,2024

Cetrom Support fixed all of my problems, their engineers are very professional, courteous, friendly and very efficient. If all customer service out there was like...

- Mid-sized
View All

Blog Archives

See all
Is Cetrom Your Cloud Services Solution?