The beginning of 2021 has been nothing short of a rollercoaster, from the vaccine rollout giving a ray of hope to nations being compelled into new lockdowns. Remote working, however, is certainly the new normal and is unlikely to change in the coming years. It is therefore essential for businesses to learn from 2020 and revise their threat models to address the new threat landscape.
According to Gartner, by 2025, 40% of boards of directors will have a dedicated cybersecurity committee overseen by a qualified board member, up from less than 10%. Moreover, the company predicts that by 2024, 60% of CISOs will establish critical partnerships with key executives in sales, finance, and marketing, up from less than 20%.
Here are some threats that organizations must be ready to face in 2021.
Remote Employees and Unsecured Home Networks Pose a Risk
With remote working becoming the new norm, a new array of threats has entered the landscape. Vulnerable, unpatched, or poorly secured home network devices, including IoT devices, routers, and other personal tools that share the same network as office laptops, could be used by attackers as a doorway into an employee’s home network.
Unintended transfer of sensitive data over unsanctioned or unsecured channels, such as personal email addresses, instant messaging apps, and other cloud-based services, could also cause data breaches and leaks. Furthermore, with employees potentially sharing access to office devices with family members, the possibility of inadvertent loss, intrusion, or leakage of sensitive data to unsanctioned parties also creates a risk for companies.
Rise of Phishing Emails
The COVID-19 outbreak, along with the remote working environment, has served as a stimulant for the rise of phishing emails. Generally, phishing emails were easy to identify because of typing errors, poor language, and lack of authenticity. However, as a result of the pandemic, cybercriminals became more focused on writing phishing emails that had none of these evident red flags. Cybercriminals now use reader-specific jargon and also misuse the legitimate logos of the businesses or companies they are imitating.
Therefore, remote workers and web users will have to be more careful whenever they receive messages promising exciting deals, discounts, or exclusive information.
Growing Supply Chain Threats
Cybercriminals are more focused on supply chain attacks than on bigger targets. Just like “cold chain” attacks on businesses that offer transportation for COVID-19 vaccines, or attacks on regulators that manage vaccine documentation, supply chain attacks will probably become popular in 2021.
Avoid Repeating 2020
2020 was a tough year for all businesses. Although the world is now on the right track for recovery, there is still a long way to go and there are lessons to be learned. Businesses should continue to prepare for a crisis, reinforce their cybersecurity posture, and get visibility across their infrastructure. This will enable timely identification of threats and also prevent irreparable damage from potential attacks.
Educating employees, augmenting current security stacks with visibility devices, and turning to managed detection and response services that can make threat hunting easier can be the fundamental elements of the security strategy for 2021.