No one expected 2020 to turn out the way it did, and most of us hoped 2021 would see some marked improvements. Unfortunately, this hasn’t been the case so far. The first month of the year saw peak infection rates in many parts of the world. This means many of the same security challenges will continue into the near future with no apparent recovery in sight.
With rates of cybercrime already rising fast, the global pandemic opened many opportunities for malicious actors in 2020. Sadly, 2021 might tell a similar story.
Here are seven key trends to follow.
1. The continued growth of phishing, spear-phishing and social engineering attacks
These common threats have risen significantly since the beginning of the pandemic. There is every reason for cybercriminals to look for ways to vary their approaches and find the highest response rate. Security firm KnowBe4 reported a 600 percent increase in phishing attacks in the first quarter of 2020. This figure has since abated as everyone has adjusted to COVID-19-related changes. However, many employees are still susceptible to the ongoing barrage of phishing attempts.
Kaspersky has found that phishing attacks are becoming more sophisticated. At the Exabeam Spotlight20 conference, security specialists warned of increased spear phishing in the coming year.
Higher-than-average global internet usage has also precipitated a rise in social engineering attacks from criminals eager to manipulate every potential vulnerability. The best response to all these threats is high-quality, organisation-wide educational programmes, which help to build an effective human firewall.
A sensible response to these security issues is finding a reliable IT company that can offer support and consultation, such as Computers In The City.
2. A growth of malicious insider attacks
Even before COVID-19, the 2020 Insider Threat Report from Cybersecurity Insiders found 68 percent of organisations considered themselves vulnerable to insider threat. The pandemic has only worsened this situation with a continual rise in insider attacks.
The transition to remote workspaces has also brought about a range of significant security challenges. This trend is unlikely to abate in the next year. Forrester has predicted a rise in security breaches attributed to the insider threat from 25 to 33 percent in 2021.
3. Remote and homeworking as targets, especially for ransomware attacks
The trend towards working remotely or from home looks set to continue. Upwork predicts an 87 percent increase in remote workers in the US by 2025. Almost half of the American workforce is now fully remote. In the UK, Locatee reports that only 7 percent of UK professionals plan to return to the office when possible.
Added flexibility could bring more benefits than drawbacks for employees. Remote work also means increased pressure on security teams to locate the security gaps hackers are looking to exploit. This has been particularly evident in ransomware attacks, which saw a seven-fold year-over-year increase in 2020. Attackers have been innovating and taking advantage of employees working remotely through extortion and data exfiltration. SMEs are best advised to develop a rigorous security policy for employees working from home and to increase security measures, including endpoint protection and secured Wi-Fi connections.
4. Hyperautomation will drive an increased number of security vulnerabilities
To provide solutions for a workforce that has shifted to working remotely in a relatively short period, organisations have increased digital transformation plans. The term ‘hyperautomation’ refers to the process by which organisations automate multiple operational processes using artificial intelligence, machine learning and robotic process automation (RPA).
These can increase productivity and improve security for remote workers. However, there are also vulnerabilities whenever new systems have been deployed. Cybercriminals can exploit automation to pick up on patterns and identify any vulnerabilities. They can also gather data to be used for launching malicious attacks.
5. Accelerated cloud adoption leading to potential gaps in security
Since the beginning of the pandemic, the widespread increase in cloud adoption is hardly surprising, even though overall IT spending has fallen. Synergy Research Group reports that in the first quarter of 2020, spending on cloud technologies increased by 37 percent.
The move towards the cloud is predicted to continue into 2021. Gartner forecasts end-user spending on public cloud computing will increase by 18 percent worldwide. It also predicts that IT spending for enterprises worldwide will be 14.2 percent of the total budget by 2024 – compared with 9.1 percent in 2020.
In many ways, cloud technology has prevented the pandemic from causing a much larger crisis and economic downturn. Unfortunately, the inevitable fallout of the mass migration to the cloud is an increase in security threats where organisations put employee productivity before security. One cause may have been businesses failing to secure cloud storage. Another is leaving credentials available in source code. No matter the cause, many have suffered breaches as a result. In 2021, security teams should address issues that have resulted from the shift to the cloud as a priority.
6. Attackers taking advantage of compliance challenges
The EU-US Privacy Shield allowed organisations to transfer data between the EU and the US. It was revoked by the European Court of Justice in July 2020. More than 5,000 companies were required to update their systems immediately, with no grace period. There are two possible alternatives to the Privacy Shield: Standard Contractual Clauses and Binding Corporate Rules.
Disruptions in compliance represent a higher level of risk for organisations that deal with personal data. It took a long time for businesses to organise all their personally identifiable information (PII) for the GDPR coming into force in 2018. Since then, many large companies like EasyJet have been fined following security breaches. To make matters much worse, criminal groups are well aware that organisations have extra incentive to avoid breaches being made public. This means they are more likely to pay ransoms.
7. A continual rise in ransomware attacks
Ransomware attacks have been on the rise. The third quarter of 2020 saw a 139 percent year-over-year increase in ransomware attacks in the US. These are also growing in scope with the use of leakware, which steals plaintext data then encrypts it. They are becoming more damaging and costly than ever. The average ransom amount increased from $110,000 to $170,000 from the first to the third quarter of 2020. Cybercriminals are making some allowances for the healthcare industry during the pandemic, though not enough. An attack in Germany resulted in the death of a woman who was unable to receive treatment.
The global pandemic has brought a trend of ransomware attacks that are increasing in number, sophistication and financial damage. The Sophos 2021 Threat Report warns that ransomware attacks “continue to innovate both their technology and their criminal modus operandi at an accelerating pace”. It is a threat that is not going away, so it is best to be prepared for an immediate response.
2021 does not offer us much more certainty in terms of the global crisis, which is expected to take more time to improve. There is still a great deal of pressure on security teams to keep up with the changing environment and show the capacity to innovate faster than cybercriminals. But as with the blight of the coronavirus itself, we still have the collective potential to prevail in the face of adversity.
Computers In The City is a leading managed services provider that delivers technological solutions to enhance business performance. Working with financial services providers and other organisations in London, CitC provides outstanding IT support to the City of London & the West End, with client relationships stretching back to its inception more than 20 years ago.