Cybersecurity threats in 2021: Where are our vulnerabilities now?
Alex Sayavedra, Brandon Jaster
Last year, the world witnessed a significant rise in several cybersecurity threats driven by the advent of the coronavirus. Savvy cybercriminals began exploiting vulnerabilities in new ways, because of the new work-from-home culture that the pandemic created. Unsecured home devices were being hacked. New phishing schemes were being launched leveraging keywords like “virus diagnosis” and “stimulus package.” Common tech tools were being exploited, like Windows PowerShell. Zoom credentials were being stolen.
One year later, where do we stand when it comes to our biggest security threats? Many of the same threats are still going strong as we move into 2021 and new vulnerabilities are emerging. Cybercriminals are doubling down on their successful schemes from 2020 and creating new ones to leverage today’s leading security vulnerabilities.
Threat #1: Perimeter expansion to employees’ homes
With the rise of a work-from-home culture in 2020, company perimeters now extend into employees’ homes. This makes it more challenging for security professionals to monitor their internal network through traditional perimeter monitoring and access controls, such as firewalling and network intrusion detection systems. What is more, 84% of IT leaders anticipate broader and more permanent work-from-home adoption beyond the pandemic, which means that this challenge will continue in 2021 and beyond.
To combat these risks, IT teams will need to focus and improve on effective endpoint management solutions, such as mobile device management (MDM) tools and secure access service edge (SASE). These solutions enable better visibility and control over data, including on any third-party apps, like Zoom, Slack and Office 365. This will also extend to traditional endpoint security tooling by ensuring that security tools such as anti-malware are installed, patches are up-to-date, secure configurations are set, and endpoints are protected.
Threat #2: Third-party hacks gain criminals’ attention
With the successful hack of SolarWinds and, subsequently, its 300+ client base, and many other third-party-based breaches in the past, more companies are paying attention to their third-party risk management programs. This speaks to the increased sophistication, complexity and persistence of threat actors.
To prevent a similar third-party breach from impacting their networks, corporate mergers and acquisitions (M&A) and licensing management functions need to become more closely aligned with their governance, risk and compliance teams. One critical step is conducting a thorough security audit of all third-party vendors. This intra-organizational collaboration will also better prepare organizations for the future of increased compliance regulations that will force a baseline for more comprehensive and robust third-party risk management programs.
Threat #3: Ransomware attacks on the rise
Ransomware was a growing area of attack in 2020, with a 300% increase by April, according to the FBI, and a seven-fold rise in attacks by mid-year. Ransomware attacks are on track to continue being a leading threat in 2021.
One of the drivers is that more companies are purchasing ransomware insurance. This fact has not escaped cybercriminals’ attention. Because companies have insurance, they will pay off the ransoms to have their data decrypted quickly rather than try to fight it. As a result, the criminals receive a quick win.
Preventing ransomware attacks is accomplished with a back-to-basics approach that includes stronger security hygiene. This includes tactics like timely patching, enforced least-privilege access policies and regular backups with safe storage.
Threat #4: New email phishing scams
2020 continued the trend of increasing the volume and complexity of email phishing attacks. Cybercriminals use phishing to distribute malware, steal credentials and scam users out of money. Studies found that users were three times more likely to click on a phishing link and give away their credentials at the start of the pandemic. A survey conducted mid-2020 reported that 38% of respondents said a coworker fell victim to a phishing attack within the last year.
While 2020 did not introduce a fundamental change to phishing, cyber threat actors did adjust tactics to leverage different keywords throughout the year, as people gained interest in new topics. Keywords such as “pandemic” and “COVID” became popular in the earlier parts of the year, and as “vaccines” and “stimulus checks” became relief options, attackers added these emotionally-charged keywords to their phishing vocabulary.
There is no single solution to prevent malicious email from coming through, but combinations of well-tuned tools and well-educated staff will reduce your chances of falling victim to phishing emails:
- Implement the technical security controls built into your email platforms.
- Add an “external” banner to emails coming from outside your organization.
- Apply email analytics tools that can detect emails coming from untrusted sources, or from newly created “burner” email accounts and domains.
- Establish a robust security awareness program for employees, so they can serve as a last line of defense against phishing attacks.
- Consider implementing mock phishing tests against your own organization, so employees know what to do when they receive something that looks phish-y.
What is your cybersecurity risk score?
Understanding the maturity of your organization’s cybersecurity program is critical — so you can make informed decisions to defend against threat actors and their tactics, techniques, and procedures (TTPs). This Cybersecurity Risk Self-Assessment is a suitable place to start. By answering these simple questions about your cybersecurity technology, processes and people, you will receive a cybersecurity risk score against our benchmark and discover common security gaps in your environment that you may not be aware of.
Recent Posts
UK Financial Services Prepare for January 2025 DORA Implementation
November 1st, 2024
Dispelling Myths About Running OpenStack Clouds
August 19th, 2024
Why You Need Proactive Modern Operations in a Complex IT World
August 7th, 2024