In 2020, there were many drastic changes globally as enterprises to adapt to the new normal. Organizations learned the hard way that IT strategies need to stay flexible. In 2021, there will be another significant shift with the rise of new intelligent edges, which is about more than just users and devices remotely connecting to the network.
2020 has been an outlier in many ways, including cyber threat trends. In a span of few weeks, businesses, the world economy, education systems, and more were altered unrecognizably.
Yet, as the world adjusted to the new realities of the pandemic, technology continued to advance, markets continued to grow, and cyber threats continued to evolve. Threat actors have taken advantage of the fear associated with the COVID-19 crisis, and phishing and social engineering attacks have skyrocketed.
Paul Colwell, CTO at OGL Computer and CyberGuard Technologies says, “2021 will see further growth in the need for “visibility” of network activity. Software developments such as the use of AI, high-performing integrated cybersecurity dashboards, real-time and cloud monitoring as well as regularly scheduled internal checks by specialists will allow the effective monitoring, tracking and response to network events.”
“The security of cloud data will increasingly become the responsibility of the user. Two-factor authentication for VPNs and Office 365 access will be a must. And, as in 2020, the popularity of next-generation anti-virus services such as Carbon Black and Kaspersky AV will grow with the need for enhanced security for off-network devices”, he adds.
Let’s look at some of the top cybersecurity threats that will likely have the most significant impact on businesses in 2021.
The rise in Ransomware Attacks
Security experts believe ransomware attacks will not slow down in 2021, given the continued and growing success that threat actors have had, in extorting sizeable ransoms from victims this year.
In 2021, attacks will only get qualitatively worse as cybercriminals become more organized and targeted in their campaigns, and ransomware tools become easier to obtain and deploy.
Hackers are using the coronavirus crisis as an entry point to wreak havoc on personal lives and professional businesses. From fake COVID-19 related inspections to phony IRS emails, hackers exploit the fears and concerns of the public to their advantage.
In 2021, cybercriminals will continue to use the COVID-19 pandemic as a theme for their phishing campaigns. Organizations need to educate employees on the common characteristics of these types of attacks. They should also consider integrating employee monitoring software into a comprehensive cybersecurity plan to protect against phishing attacks.
Risks Associated with User devices
Employees working remotely use devices that aren’t patched, managed, or secured by the corporate IT team. This increases the organization’s attack surface and gives cyber criminals inroads into the network that bypass perimeter security. Sensitive company data stored on these devices further increase the risk of a data breach.
When it comes to the threats that will come to the fore in 2021, Heidi Shey, Principal Analyst serving Security and Risk Professionals with Forrester Research, believes insider incidents will be an area of increased concern. “Pandemic-related uncertainty and remote work environments have collided to create the ideal conditions,” she explains. “We expect one-third of security breaches will be caused by insider threats in the coming year, up from 25% today. These may be due to accidental or inadvertent data misuse or malicious intent. As part of their defense, firms should add capabilities for detecting insider threats, and improve the employee experience.”
As employees return to the office, there will be a steady increase of applications offered by cybercriminals with the promise of increased productivity tools to ease the transition to the office. New attack vectors will emerge, targeting remote devices used by workers splitting time working from the office and remotely.
Increasing Attacks on the IoT
Organizations are increasingly implementing applications and IoT devices to capture data, enhance customer service, remotely control, and manage infrastructure. Many IoT devices lack security, making them vulnerable to attacks. Threat actors can gain control of devices for use in botnets and leverage IoT weaknesses to access the network.
Nigel Thorpe, Technical Director at SecureAge, says, “The growth of connected devices from smart light bulbs to digital assistants can give cybercriminals access to home networks. From there, the jump to an employee’s laptop and into the corporate network is relatively easy. But IoT security is still woeful and is not going to change anytime soon”.
“Even trusted technologies for securing remote workers such as multi-factor authentication (MFA) and Virtual Private Networks (VPNs) do not defend against a cybercriminal who has hacked their way onto the home PC,” he adds.
Growing Numbers of Cloud Breaches
Cloud architecture provides customers with full flexibility in running virtual machines and creating new instances that can match any software or hardware environment. But if not properly secured, flexibility can let bad actors launch attacks and continue to do so as they maintain control over the initial assault.
Customers should implement cybersecurity features and configure them correctly. Cloud misconfigurations are one of the common reasons for data breaches, and the number is expected to increase as more businesses adopt cloud services to support remote working.