Cybersecurity threats are a fact of modern life that puts all organisations and individuals at risk. With constant developments in the tools and tactics used by cybercriminals, there’s an ongoing need to be informed of the latest threats so you can be vigilant in defending against them. Here are some of the major threats that cybersecurity experts think will cause issues in 2021.
- Cloud’s popularity makes it a target
The more companies that use a technology, the more opportunities there are for criminals to exploit it. Over the last few years, the cloud has become the go-to infrastructure for companies undergoing digital transformation. Not only are there more businesses using the cloud; they are migrating more services to it. This global shift means the cloud has become an obvious target for cybercriminals.
While cloud providers invest heavily in expertise and security tools to protect their customers, cloud users need to be mindful of the risks. These include misconfigured storage which can leave sensitive data publicly accessible, incomplete data deletion and vulnerabilities in cloud apps. At the same time, companies that have complex infrastructures, such as multi-cloud and hybrid cloud, need to ensure that they have full control and visibility of their entire IT system.
- Vulnerability of remote workers
Remote working has become the new norm for millions of employees and this is a trend likely to continue in the future. As a result, cybercriminals have been quick to target the networks that remote workers use, many of which don’t have perimeter security. The areas being exploited include cloud-based remote working platforms, unpatched laptops and poorly secured VPNs. Companies need to ensure that robust endpoint security is in place, including the automatic patching of remote computers.
- Internal threats
Most companies don’t see internal threats as a major concern. However, according to Verizon, over a quarter of data breaches in 2020 involved company insiders, usually due to negligence but also through malicious activity.
To protect against these threats, organisations need robust data access protocols and should deploy monitoring tools that detect potential insider attacks so they can be investigated quickly. Things to be aware of are unauthorised logins, newly installed apps and devices, and the actions of users with device administrator privileges.
- Phishing attacks
Phishing attacks are nothing new but their threat remains significant in 2021. With their clever use of social engineering, many scams have focused on remote workers, sending them fake emails that pretend to come from inside the company.
Often used to con employees into giving login credentials or to activate malware, they enable cybercriminals to unleash ransomware, take over accounts, steal sensitive data, and various other malicious activities.
Companies should make use of scanning tools that filter out phishing emails, deploy email signing certificates that verify the authenticity of the sender and encrypt email contents, and train their staff to spot potential phishing emails.
- Ransomware attacks
Ransomware will continue to be a major threat in 2021, with cybercriminals developing more advanced tools and more sophisticated modes of attack. Indeed, Ransomware-as-a-Service is already being offered by some of the major gangs and DIY ransomware kits are cheaply available.
The advanced tools deployed are capable of outwitting endpoint security and quickly spread from device to device across a network, with catastrophic consequences. Devices and data are encrypted and data is stolen at the same time, enabling the criminals to charge twice – once for the decryption key and once to stop the gang dumping the stolen data online. Ransom amounts are frequently very high and data is often sold, even if the company pays to keep it hidden. Add to this the cost of disruption, reputational damage and data breach fines, and many businesses fail as a consequence.
To speed up recovery, it is vital that businesses have an effective backup solution in place.
- Social media attacks
The use of social media has increased significantly during 2020, mainly as a result of the lockdown. This has led to an increase in the numbers of businesses using the platforms, making them a target for cybercriminals.
Using advanced forms of phishing, they will set up fake accounts, pretending to be legitimate organisations, and from there will attract business users by offering whitepapers, webinars and free tools. To register, users will be sent to malicious websites where they will be asked to give personal information and credentials that can be used to hack into the business network. While social media channels deploy advanced security to try and protect against spurious links, the use of shortened URLs and QR codes can make this difficult.
The growth in remote working has meant that the use of video has become widespread over 2020. This has coincided with the development of deepfake technology which takes an image of an individual and uses AI and ML to create a virtual copy of them. This can be used to produce highly realistic videos of incidents that have not actually happened. Channel 4, for example, used the technology to create an alternative Queen’s speech last Christmas.
While the technology has a genuine use within the film and entertainment industry, it is also something which can be exploited by cybercriminals, such as to create phishing videos, fake training videos or even to blackmail employees into giving access to company systems.
While cybercrime remains a constant threat to businesses, the tools and methods of attack used by criminals are always developing. Hopefully, the seven threats mentioned here will help you put the right security in place to keep your systems and data secure in 2021.
For web hosting with robust, built-in security, visit our homepage.