Will 2021 be the year for multi-level data extortion?

51
Will 2021 be the year for multi-level data extortion

Security leaders say that as enterprises fast-tracked the shift to cloud platforms in 2020, conventional security measures have been deeply impacted

The business environment during 2020 has driven enterprises to opt for digital transformation to cloud services, faster than ever before. The situation needed agile planning and flexibility, but also added multiple layers of complexity.

Since the time that enterprises had for meeting the new normal demands was limited, there wasn’t enough due diligence for setting up the cloud services, especially with limited internal know-how. The resulting solutions were not ideal or fully secure.

The chaos during the initial stages of the pandemic also saw a rise in detection and exploitation of security liabilities in partnership with regularly used tools like Microsoft Teams and Zoom video that were deemed critical to maintain communication between colleagues.

Leaders predict that organizations will pay even greater attention to cloud services in the coming year due to their increased importance and popularity. Misconfigured cloud database instances observed higher attacks. It led to high volume data breaches or malicious and stealthy form jacking breaches.

2021_IT_Will 2021 be the year for multi-level data extortion_Lewie_dunsworth_MN_29122020
Lewie Dunsworth, CEO at Nuspire

Enterprises faced severe budget cuts in 2020, and it’s predicted that the trend will continue in 2021 as well. Lewie Dunsworth, CEO at Nuspire, says,” 2021 may be the first year where CISOs are asked to reduce budgets so that funds can be invested in other areas of the business such as digital transformation efforts. It is like asking a sprinter to run slow–it’s going to be very difficult for CISOs to get comfortable with making do with what they have, shifting their mindsets to a “have to do,” “need to do,” and “want to do” perspective.”

This will prove to be a disadvantage for security measures as attackers have expanded their foothold into cloud platforms and targeted serverless apps, container frameworks, and API services with all the relevant automation scripts. Conventional security practices often fall short of saving the new workloads.

Read More: Data Security Consequences of risks posed by Collaboration Tools

To meet this situation, leaders will need to increase their talent pool that is well-versed in mitigating such attacks. Dunsworth says, “CISOs will look to outsource roles that they’ve traditionally supported in-house, such as security engineers and analysts, instead of investing in more specific jobs, such as cloud security architects, cloud compliance resources, etc.”

Cybercriminals have exposed new segments for extortion attacks. They have bought forward new profitable markets right from IoT to industrial OT devices in the cloud environment, which have proved to be very beneficial for them. A lucrative business model was created with the data extortion model in 2020. Enterprises who were victims of blackmail and doxing threats were more pressured into paying the ransom.

CISOs say that it is obvious that 2021 will be the year for increased data protection. Keeping in mind the high pace at which cybercriminals have adjusted their strategies, a comprehensive and holistic approach is required. It is imperative that it should automate and unify cybersecurity and data protection.

This will help organizations to adapt to rapidly changing threats easily. They require visibility into and integration of the cloud and their infrastructure to know what is happening to the data at any given time.

Automation is also necessary to effectively cope with the higher complexity and increased data attacks that will potentially occur in 2021.