Last year was a disaster in terms of data breaches. A study presented by TechRadar, called The Insider Data Breach Survey 2021, revealed that 94% of all surveyed businesses had suffered a data breach from an insider in the last 12 months, with an overwhelming majority (84%) of the respondents citing human error as the cause of most serious breaches.
Remote and hybrid working environments caused by the COVID-19 pandemic may further compound the problem and make deployed IT systems less secure. As more organizations continue to complete their digital transformation, it’s imperative that businesses keep up with the growing complexity of today’s cybersecurity landscape. Here are the top cybersecurity threats you should be on the lookout for in 2021, according to experts:
Phishing
Last year saw the re-emergence of phishing tactics that prey on unknowing individuals and organizations to steal user data by obtaining their passwords. Phishing cost Americans more than $4.2 billion last year, according to the FBI’s latest figures. Despite training on phishing awareness, these tactics are still effective against institutions like universities and colleges. Even users of office tools under Microsoft 365 are targeted by phishing; in fact, Microsoft’s Security Intelligence team has recently issued an alert to Office 365 users and admins to be on the lookout for a “crafty” active phishing email campaign that utilizes legitimate-looking original sender email addresses, spoofed display sender addresses, and display names that mimic legitimate services.
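The spoofed display addresses and service-mimicking display names described in that alert can be checked mechanically in a message's From header. The Python below is an added example, not code from Microsoft or from the original article; the allow-list, the sample messages and the function names are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed allow-list (assumption): service keyword -> domains it really sends from.
BRAND_DOMAINS = {"microsoft": {"microsoft.com"}}
ADDR_IN_NAME = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")

# Constructed sample messages; the example.* domains are placeholders.
SAMPLES = {
    "spoofed_address": 'From: "it-support@example.org" <notice@mail.example.net>\n\nbody',
    "brand_mimic": "From: Microsoft 365 Message Center <alerts@files.example.net>\n\nbody",
    "legit": "From: Microsoft 365 <no-reply@email.microsoft.com>\n\nbody",
}


def domain_allowed(domain, allowed):
    """True if domain equals an allowed domain or is a subdomain of one."""
    return any(domain == d or domain.endswith("." + d) for d in allowed)


def check_from_header(raw_message):
    """Return a list of findings for the From header of one RFC 5322 message."""
    msg = message_from_string(raw_message)
    display, addr = parseaddr(msg.get("From", ""))
    addr = addr.lower()
    domain = addr.rpartition("@")[2]
    findings = []
    # 1. Display name shows an e-mail address that is not the real sender.
    for shown in ADDR_IN_NAME.findall(display):
        if shown.lower() != addr:
            findings.append(f"display name shows {shown} but sender is {addr}")
    # 2. Display name mimics a known service but the sending domain is unrelated.
    for brand, allowed in BRAND_DOMAINS.items():
        if brand in display.lower() and not domain_allowed(domain, allowed):
            findings.append(f"display name mentions '{brand}' but domain is {domain}")
    return findings


if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(label, check_from_header(raw) or "no findings")
```

A check like this only covers the visible From header; it complements, rather than replaces, SPF, DKIM and DMARC evaluation at the mail gateway.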
Third-party vulnerabilities
Trust has become taboo in the cybersecurity space as hackers continue to focus on third-party vendors who have access to more data. Bigger organizations engage with at least 80 to 150 third-party vendors with varying degrees of access and volumes of data from businesses. Businesses definitely must implement more stringent security policies in their software supply chain. However, some research highlights that businesses that experience data loss from third-party vulnerabilities also tend to underinvest in cybersecurity.
AI-enabled hacking
Automated attacks that make use of AI are a new and increasingly real concern, according to security researcher Bruce Schneier. Any good AI system will naturally find hacks, and once it does, vulnerabilities will be found at a scale that we are unprepared to handle. Multiple and repeated attacks will be resource-intensive and difficult to mitigate, so they may favor hackers. However, AI may also be utilized to find and fix software vulnerabilities before they can be exploited — so AI could still be a double-edged sword.
Cyber espionage
Experts are increasingly concerned about the rise of state-backed attacks in recent years. In fact, some say it’s the most dramatic development in the cybersecurity space. While major superpowers are quick to throw accusations at each other, last year also saw attacks from developing countries beefing up their capabilities. As geopolitical tensions continue to increase, experts predict that these nation-backed forms of cyber warfare will remain a part of the global security landscape during 2021 and beyond.
Overcoming Security Threats
With the spillover of the attacks from last year and the amount of personal data now publicly available, it will be easier for hackers across the globe to leverage vulnerabilities and gain more access. Whether it’s your policies for network security or BYOD rules, your organization needs to tick all the boxes when it comes to making sure your data is safe against these threats. Here are a few tips to get you started:
Hire in-house professionals or managed cybersecurity service providers
Our post on Cybersecurity Challenges notes that cybersecurity costs are increasing per employee, moving upwards from $2700. While it’s always good to educate your employees about social media attacks and cyber threats, it’s essential to safeguard your data from human error by hiring someone with actual cybersecurity experience. The good news is that business education at every level puts an emphasis on cybersecurity, with more higher-education institutions offering online courses at both a bachelor’s and master’s level. Maryville University’s online master’s degrees in cybersecurity provide graduates with knowledge on network security, security log management, forensics, and more, so you can hire an in-house team to build you defensive and preventative strategies against potential hacks.
Of course, another practical and efficient option is to hire a managed cybersecurity service provider. Most managed security providers have extensive knowledge and experience with cybersecurity, as they handle a number of clients in various industries. They may also use tools that in-house teams may not be familiar with, and you can save costs on monthly salaries, benefits, and bonuses. The Tek is a leading cybersecurity provider, and we can address your needs by implementing elevated technology strategies to reduce risks and increase digital protection. We specialize in various methods, including advanced protection, penetration testing, compliance services, and removal of viruses or malware.
Keep your systems secure
You may not be aware, but some cybersecurity attacks can actually be physical. A malicious hacker can simply walk into your office and plug in a USB key containing infected files to infect your network. Tighten control over who can access your computers, and make sure to have additional security systems in place. The most basic thing to do is to change your password periodically, and never share your password with unauthorized personnel. As much as possible, include at least 15 characters of mixed numbers, letters, and symbols in your password; remember, passwords like “1234”, “admin”, and “password” can easily be hacked.
Simple measures, like locking your computer when you’re not at your desk or activating two-factor authentication, can also beef up your defenses. As mentioned in Megan Heater’s article on device security, two-factor authentication requires users to enter their password, then confirms their entry through another device, for example with a code sent to an authentication app. This way, you can be sure no one is logging into your accounts without your knowledge.
Ensure endpoint protection
Endpoint protection secures networks by protecting the devices that connect to them remotely. Smartphones, laptops, and tablets that are connected to corporate networks can give access paths to security threats, so they should be protected with specific, high-quality software. Even printers can be an access point, as discussed in our article on Printers, a Silent Security Weak Link. Printers can be an entryway to your business network, so if their firmware is outdated, it could potentially be used to attack other applications or launch a ransomware attack.
It’s also good practice to have a guest WiFi network separate from your internal WiFi, as it’s the safest way to give visitors access to the internet. If a guest logs on to your primary network with a malware-infected or compromised device, the virus can easily spread to all other devices connected to the same WiFi network.
Cybersecurity threats will continue to increase this year and beyond. By recognizing the threats and making the right moves to overcome them, your business will be much safer.
Written by J. Birch for thetek.com