Few could have predicted that 2020 would be dominated by COVID-19.
As governments worldwide encouraged people to stay home, to control the pandemic, thousands began working from home and businesses accelerated their digital transformation plans. While this had some huge benefits, it also highlighted the vulnerabilities of enterprise security.
With so many employees accessing corporate networks from remote locations, on sometimes unprotected devices, cybercriminals took note and exploited these endpoints to try and gain access to corporate data.
These attacks, if successful, can cost companies millions. In fact, Ponemon Institute’s Cost of a Data Breach Report 2020 states the average cost of a data breach is $3.86 million.
As businesses continue to champion remote working long-term and threat actors become more sophisticated, these risks need addressing. Let’s take a look at my top cyber predictions for 2021.
Ransomware was the most observed threat in 2020 and became more dangerous than we’ve ever seen.
Initially blocking access to systems, devices or data for a ransom, attacks have transitioned into encrypting systems and using cryptocurrency as a form of payment and now they are finding ways to become self-spreading.
According to one estimate, ransomware accounted for 81% of financially motivated cyberattacks in 2020 and global attacks rose by 110%.
Cyber criminals are establishing new profitable and scalable business models, which will give rise to even more ransomware attacks in 2021 and beyond.
Alongside finding new ways to infect businesses with ransomware, through Virtual Private Networks and mobile phones, they are also starting to steal company data, thereby turning ransomware attacks into data breaches and extortion.
Threat actors are even using public channels such as media outlets and websites to extort their victims, which can lead to reputational damage, making businesses feel more pressured to pay.
Solutions like Cyber Insurance, Breach Response and Forensics Services or Managed Security Information and Event Management (MSIEM) can help protect your business. As can simple steps like encouraging cyber awareness amongst your teams and backing up data in the cloud.
The pandemic also became a fertile ground for malicious campaigns as cyber criminals leveraged the uncertainty and anxiety around COVID-19 for their social engineering attacks.
Effective social engineering attacks are believable because they are consistent with what’s happening around the victim, whether it’s current events, activity in the workplace, or events in their personal life. So it’s perhaps no surprise that they preyed on such an obvious topic.
As the fight against coronavirus continues into 2021, scammers will continue to use the virus to trick people into sharing sensitive information, using fraudulent emails, spam, and phishing attempts around vaccine-related issues and other health response efforts.
Your best line of defense is to educate your employees and tighten up your authentication processes with either multi-factor authentication or a Zero-Trust model.
The number of cloud users grew last year and will continue to do so as businesses turn more to cloud environments to support remote and flexible ways of working.
With larger amounts of sensitive data in motion, cybercriminals are much more likely to target your cloud solutions, quickly integrating newly disclosed flaws and vulnerabilities in popular software into their campaigns.
In addition, the increasingly dense overlay of numerous connected devices, apps and web services used in our professional and private lives will grow the cloud attack surface.
While this threat isn’t new, what is new is the blend of information flowing from personal and business devices and the increasing remote access to cloud-based products like Zoom, Microsoft Teams and Office 365 as employees log on from home.
Transfer of sensitive information over unsecured or unsanctioned channels such as instant messaging apps or personal emails, will start to play a key role in data breaches and leaks.
Remote workers are the low-hanging fruit here. Rather than focusing on protecting the network infrastructure, businesses need to focus on the connections and move to user-centric security controls, such as Zero-Trust architectures.
For example, Network as a Service (NaaS) revolves around the employee rather than network topology. Each employee and device gets a unique identity, regardless of where and how they connect, which is then used for authentication at every stage - not only during the initial link up.
Educating employees on security policies and working with cloud providers who already integrate security within their offering is also an important part of protecting your business.
Rather than attacking large firms, which have complex and mature security systems, threat actors have begun to turn their attention to smaller suppliers with less-sophisticated protection. There will also be more attacks where cyber criminals target large organisations to infiltrate their extensive supplier and customer base.
Either for political or economic reasons, supply chain attacks will likely affect industry verticals that have rarely been hit in the past, such as real estate or healthcare.
With this in mind, businesses of all sizes, in all sectors need to be prepared.
For small and medium-sized enterprises that means making sure they aren’t the weakest link in the supply chain by carrying out vulnerability assessments, protecting endpoints and networks and training employees. Whereas multi-national companies will want to make sure suppliers match their levels of security by conducting vendor management assessments and setting new standards of compliance.
As ways of working have changed, its obvious businesses need to adapt their security policies more closely with their changed business models. This means undertaking a proper assessment of their IT assets, devices and security solutions, in order to identify the gaps, potential risks and vulnerabilities.
Learn more about how to improve your cybersecurity.
Around the globe, our network reaches 182 countries.
We provide the physical network and the management and control function.
Gartner names Vodafone as a Leader in its 2020 Magic Quadrant for Network Services, Global.