Top Cyber Threats of 2021

2020 was a unique year, forcing many organizations to rapidly adapt to meet new challenges. At the same time, cyber threat actors were refining their tactics and taking advantage of the shifts in how businesses operate. Going into 2021, many security trends are inspired by the business decisions of 2020.

Phishing Continues to Be a Problem

Phishing is one of the most common types of cyberattacks, mainly because it is often an effective technique for gaining access to an organization’s network and systems. It’s usually easier to trick an employee into handing over sensitive data (like login credentials) or running a piece of malware on a company computer than it is to accomplish these goals through other means.

As a result, phishing will continue to be a problem in 2021 and into the future as long as it remains effective. However, the changing nature of work in the wake of the COVID-19 pandemic has its impacts on phishing as well.

For example, the surge in remote work caused by the COVID-19 pandemic drove many organizations to adopt online collaboration such as Zoom, Slack, etc. The focus on email in phishing awareness training means that employees often do not consider it a threat on these platforms, and workers often believe that only legitimate users can access these platforms, which is not always true.

As a result, phishing attacks on these platforms are more likely to be effective than via email, where employees are more likely to be on their guard and companies may have anti-phishing solutions in place. Cybercriminals have noticed this, and the use of non-email collaboration platforms for phishing has become more common and is likely to continue to do so into 2021.

Exploitation of Remote Work

In 2020, the COVID-19 pandemic forced organizations to pivot suddenly to a mostly or wholly remote workforce. Within a matter of weeks, companies with no existing telework programs needed to adapt and update the infrastructure required to allow their employees to work from home.

With the end of the pandemic in sight, many organizations have no intention of returning to a fully on-site workforce. The benefits of remote work – to the company and its employees – have inspired many to allow at least part-time telework for many of their employees.

However, the rush to stand up remote work programs left security gaps that are actively exploited by cybercriminals. In 2021, companies will continue to face new security threats made possible by widespread telework, including:

  • Exploitation of Remote Access Solutions: Employees working from home need access to the corporate network. As a result, the use of virtual private networks (VPNs) and the Remote Desktop Protocol (RDP) has exploded during the pandemic. Cybercriminals have taken advantage of this, exploiting poor password security and VPN vulnerabilities to access corporate networks, steal data, and plant ransomware.
  • Thread Hijacking Attacks: In a thread hijacking attack, an attacker with access to an employee’s email or other messaging account responds to an existing conversation. These responses contain malicious attachments or links to phishing sites and are designed to expand the attacker’s access within an enterprise network. With the rise of remote work, the frequency and success rate of these attacks have grown as employees increasingly communicate using alternative platforms and cybercriminals are more successful at gaining access to email accounts.
  • Vulnerable and Compromised Endpoints: With remote work, employees are working from computers outside the corporate perimeter and the cyber defenses deployed there. Additionally, these devices are less likely to be up to date on patches and compliant with corporate policy. As a result, they are easy targets for exploitation by cybercriminals.

As long as insecure remote work remains common, these threats will continue to be a problem. With extended or permanent telework programs comes the need to design and implement effective solutions to secure the remote workforce.

Cloud Adoption Outpaces Security

Cloud adoption has been rapidly rising for years and exploded as a result of the COVID-19 pandemic. With a remote workforce, companies needed the accessibility, flexibility, and scalability offered by cloud-based solutions.

However, while many companies are moving rapidly to the cloud, security is lagging behind. Cloud infrastructure is very different from an on-premise data center, and these differences introduce unique security challenges. Many organizations are still working to understand these differences, leaving their cloud deployments at risk.

For 75% of enterprises, the security of their public cloud infrastructure is a significant concern. Learning how to secure systems hosted on shared servers in vendor-specific environments is challenging, especially when most companies are using services provided by multiple different vendors. In 2021, the failure to implement effective cloud security will remain a major problem, and, according to Gartner, 99% of cloud security incidents through 2025 will be the customer’s fault.

The Rise of Double-Extortion Ransomware

Ransomware has been a growing threat in recent years. A number of high-profile attacks demonstrated to cybercriminals that ransomware was profitable, driving a rapid increase in cybercrime groups operating this malware.

On average, ransomware claims a new victim every ten seconds worldwide, and ransomware cost businesses around $20 billion in 2020, an increase of 75% over the previous year.

The ransomware industry has also experienced numerous innovations in recent years. Ransomware as a Service (RaaS) operators develop and sell ransomware, expanding their reach and providing less sophisticated threat actors with access to high-quality malware.

Another recent trend is the “double extortion” ransomware campaign. Instead of simply encrypting files and demanding a ransom for their recovery, ransomware groups now steal sensitive and valuable data from their victims as well. If the target organization does not pay the ransom, this data is posted online or sold to the highest bidder.

In 2021, ransomware attacks continue to grow in popularity, and more groups are switching to the “double extortion” model. For example, the relatively new DarkSide group uses this technique and has carried out attacks like the one against Colonial Pipeline that was deemed a national emergency in the U.S.

An Epidemic of Healthcare Cyberattacks

During the COVID-19 crisis, the healthcare sector became more vital than ever. Hospitals and other healthcare providers around the world were overrun with patients as a result of the pandemic.

In many cases, the focus on patient care took away focus and resources from cybersecurity in these organizations. As a result, an industry that already struggled with cybersecurity was left even more vulnerable to cyberattacks.

In 2020, cybercriminals noticed and took advantage of this. In Q4 2020, Check Point Research reported that cyberattacks against hospitals had increased by 45% worldwide. While, in some areas, the emergence of COVID-19 vaccines has reduced COVID-related hospitalizations and the strain on these organizations, the exploitation of these organizations by cybercriminals and nation state attackers is likely to continue to be a major problem into 2021.

A New Focus on Mobile Devices

The popularity of corporate mobile devices and bring your own device (BYOD) policies has been steadily growing in recent years. Employees can be more productive when permitted to use the devices that they are most comfortable with.

With the growth of remote work, this trend is unlikely to reverse itself. Employees working from home or from anywhere are more likely to use mobile devices than those working from the office. With the increased use of mobile devices for business purposes comes new cybersecurity risks.

Cybercriminals are increasingly targeting these devices in their attacks, and many businesses lack the same level of security on their mobile devices as they have on traditional computers.

Additionally, corporate cybersecurity awareness for mobile devices lags behind as well. For example, 46% of companies report that they have had at least one employee install a malicious mobile application. As these mobile devices are increasingly used to store corporate data and access business applications, mobile malware poses a growing threat to corporate cybersecurity.

A More Sophisticated Cyber Threat Landscape

Cyber security is a cat-and-mouse game between cyber attackers and defenders. As cyberattackers develop new tools and techniques, cyber defenders create solutions for identifying and blocking them. This inspires cybercriminals to innovate to bypass or overcome these defenses, and so on.

As cyber threat actors become more professional and organized, the sophistication of their attacks has increased as well. Today, companies face Generation V cyber threats, which include large-scale, multivector attacks across an entire organization or industry. These attacks are enabled by leaks of advanced hacking tools – such as the ShadowBrokers leak that enabled the creation of WannaCry or the theft of FireEye’s suite of penetration testing tools.

Many organizations have security architectures composed of many point security products designed to protect against earlier generations of cyber threats.

These solutions are difficult to manage and lack the security unification and threat intelligence needed to protect against large-scale automated attacks.

Growing Numbers of Zero-Day Attacks

A zero-day attack is one in which a vulnerability is exploited before a patch for it is available or widely deployed. These attacks can be especially damaging because traditional cyber defense strategies are ineffective at protecting against them. Many of these strategies rely on signature-based detection, which only works if a signature for the malware is publicly available.

Large-scale and highly damaging zero-day attacks are becoming more common for a few different reasons. The number of publicly reported vulnerabilities is growing rapidly, with over 23,000 discovered each year. This far outstrips many organizations’ ability to apply updates and patches, meaning that more vulnerabilities are being left open for longer.

Additionally, cybercriminals can often develop an exploit for a vulnerability faster than a patch can be developed, published, and widely applied. Cybercriminals can typically develop an exploit within a week, but most companies take an average of 102 days to apply a patch.

2021 has already seen large-scale attacks exploiting zero-day vulnerabilities, like the DearCry and Hafnium malware variants taking advantage of vulnerabilities in Microsoft Exchange. This trend is likely to continue through 2021.

Managing the 2021 Cyber Threat Landscape

In 2021, companies face a number of major cyber security challenges. However, this year also presents opportunities for significant security growth. 2020 demonstrated how businesses need to adapt to the modern world, and 2021 provides an opportunity to design and build security for the future.

Taking advantage of Check Point’s security checkup is a good starting point towards identifying and filling the holes in your corporate cybersecurity strategy. You’re also welcome to check out the 2021 Cyber Security Report for strategies and recommendations on how to protect against the modern, Generation V cyber threat landscape.

Basic Principles of IT Security

Security is a constant worry when it comes to information technology. Data theft, hacking, malware and a host of other threats are enough to keep any IT professional up at night. In this article, we’ll look at the basic principles and best practices that IT professionals use to keep their systems safe.

The Goal of Information Security

Information security follows three overarching principles, often known as the CIA triad (confidentiality, integrity and availability).

  • Confidentiality: This means that information is only being seen or used by people who are authorized to access it. Appropriate security measures must be taken to ensure that private information stays private and is protected against unauthorized disclosure and prying eyes.
  • Integrity: This principle guarantees the integrity and accuracy of data and protects it against modifications. This means that any changes to the information by an unauthorized user are impossible (or at least detected), and changes by authorized users are tracked.
  • Availability: This principle ensures that the information is fully accessible at any time whenever authorized users need it. This means that all the systems used to store, process, and secure all data must be functioning correctly at all times.

So, armed with these higher-level principles, IT security specialists have come up with best practices to help organizations ensure that their information stays safe. 

Balance Protection With Utility

Computers in an office could be completely protected if all the modems were torn out and everyone was kicked out of the room – but then they wouldn’t be of use to anyone. This is why one of the biggest challenges in IT security is finding a balance between resource availability and the confidentiality and integrity of the resources.

Rather than trying to protect against all kinds of threats, most IT departments focus on insulating the most vital systems first and then finding acceptable ways to protect the rest without making them useless. Some of the lower-priority systems may be candidates for automated analysis, so that the most important systems remain the focus.

Assign Minimum Privileges

For an information security system to work, it must know who is allowed to see and do particular things. Someone in accounting, for example, doesn’t need to see all the names in a client database, but he might need to see the figures coming out of sales. This means that a system administrator needs to assign access by a person’s job type, and may need to further refine those limits according to organizational separations. This will ensure that the chief financial officer will ideally be able to access more data and resources than a junior accountant.

That said, rank doesn’t mean full access. A company’s CEO may need to see more data than other individuals, but they don’t automatically need full access to the system. An individual should be assigned the minimum privileges needed to carry out his or her responsibilities. If a person’s responsibilities change, so will the privileges. Assigning minimum privileges reduces the chances that Joe from design will walk out the door with all the marketing data.
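The role-based, deny-by-default assignment described above, as an added example that is not from the original article: the roles, resources and actions are constructed to mirror the accountant, CFO, CEO and design scenarios in the text, and a reassignment replaces privileges rather than accumulating them.

```python
from dataclasses import dataclass

# Constructed role-to-permission table for this example (not from any real product).
# A permission is a (resource, action) pair; anything not listed is denied.
ROLE_PERMISSIONS = {
    "junior_accountant": {("sales_figures", "read")},
    "accountant":        {("sales_figures", "read"), ("ledger", "write")},
    "cfo":               {("sales_figures", "read"), ("ledger", "write"),
                          ("ledger", "approve"), ("client_names", "read")},
    # Rank is not full access: the CEO sees more than most staff but cannot edit the ledger.
    "ceo":               {("sales_figures", "read"), ("client_names", "read")},
    "design":            {("design_assets", "write")},
}


@dataclass(frozen=True)
class User:
    name: str
    role: str


def privileges_of(user: User) -> set:
    """Every permission the user's role grants; an unknown role grants nothing."""
    return set(ROLE_PERMISSIONS.get(user.role, frozenset()))


def is_allowed(user: User, resource: str, action: str) -> bool:
    """Deny by default: only an explicitly listed (resource, action) is permitted."""
    return (resource, action) in privileges_of(user)


def reassign(user: User, new_role: str) -> User:
    """Privileges follow responsibilities: the new role replaces the old one,
    so nothing from the previous job is carried over."""
    if new_role not in ROLE_PERMISSIONS:
        raise ValueError(f"unknown role: {new_role}")
    return User(user.name, new_role)


def unused_privileges(user: User, observed: set) -> set:
    """Right-sizing aid: permissions the role grants that the user has never
    exercised (observed is a constructed set of (resource, action) pairs taken
    from access logs), i.e. candidates for removal."""
    return privileges_of(user) - observed
```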

Identify Your Vulnerabilities And Plan Ahead

Not all your resources are equally precious. Some data is more important than others, such as a database containing all accounting information about your clients, including their bank IDs, social security numbers, addresses, or other personal information.

At the same time, not every resource is equally vulnerable. For example, information stored on physically separated storage systems that are not connected to the main network is far more secure than information available on all your employees’ BYOD (bring your own device) hardware.

Planning ahead for different types of threats (such as hackers, DDoS attacks, or just phishing emails targeting your employees) also helps you assess the risk each asset might face in practice.

Identifying which data is more vulnerable and/or more important helps you determine the level of security you must employ to protect it and design your security strategies accordingly.

Use Independent Defenses

This is a military principle as much as an IT security one. Using one really good defense, such as authentication protocols, is only good until someone breaches it. When several layers of independent defenses are employed, an attacker must use several different strategies to get through them.

Introducing this type of multilayered complexity doesn’t provide 100 percent protection against attacks, but it does reduce the chances of a successful attack.

Prepare for the Worst, Plan for the Best

If everything else fails, you must still be ready for the worst. Planning for failure will help minimize its actual consequences should it occur. Having backup storage or fail-safe systems in place beforehand allows the IT department to constantly monitor security measures and react quickly to a breach.

If the breach is not serious, the business or organization can keep operating on backup while the problem is addressed. IT security is as much about limiting the damage from breaches as it is about preventing them.

Backup, Backup, Backup

Ideally, a security system will never be breached, but when a security breach does take place, the event should be recorded. In fact, IT staff often record as much as they can, even when a breach isn’t happening.

Sometimes the causes of breaches aren’t apparent after the fact, so it’s important to have data to track backwards. Data from breaches will eventually help to improve the system and prevent future attacks – even if it doesn’t initially make sense.

Run Frequent Tests

Hackers are constantly improving their craft, which means information security must evolve to keep up. IT professionals run tests, conduct risk assessments, reread the disaster recovery plan, check the business continuity plan in case of attack, and then do it all over again.