There is no arguing cyber security threats are on the rise. The COVID-19 pandemic has given hackers new opportunities and avenues to exploit sensitive data, leading to devastating consequences. In response, 55 percent of enterprise executives plan to increase cyber security budgets and 51 percent have plans to add a full-time cyber staff in 2021 (Source: click here). Sophisticated cyber criminals will use end-users and their home resources as a springboard into other things going forward. Corporate attacks are launched from remote worker’s home networks and can be coordinated carefully so they do not raise suspicions. Advanced malware eventually discovers more valuable data and trends using new EATs (Edge Access Trojans) while preforming invasive activities, such as intercepting requests off local networks that compromise additional systems or inject attack additional commands (Source: click here). Expect these trends and others to continue to cause businesses headaches in 2021. Is your business prepared to defend against the following cyber security trends that are being predicted for this year?
In 2021 we can expect ransomware gangs to continue developing new tactics that pressurize victims. In 2020, cyber criminals began to develop their tactics and found new ways to pressure victims into paying. It is predicted that within the coming year we may see ransomware criminals become aggressive in finding new ways to tighten the screws on their victims. Ransomware attacks can be difficult and time consuming to perform, with the potential returns being enormous. During 2020, attackers began finding more ways of maximizing revenues. For example, the Maze ransomware gang started stealing data from victims’ networks before encryption and threatening to publish the data unless the ransom was paid. This strategy allowed the gang to influence two kinds of victims who might not have otherwise paid the ransom. These victims could potentially be organizations who might have been well prepared and able to restore their networks without having to pay for decryption keys, or could potentially be organizations who decided that the cost of losing their data is lower than the risk of paying the ransom. The success of this tactic was demonstrated by several other ransomware gangs when they immediately began to incorporate it into their attacks (Source: click here). Businesses can expect more of these same attacks in 2021 as cyber criminals attempt to continue perfecting their craft.
Perhaps one of the most disturbing cyber security trends we may be faced with in 2021 is cyber criminals targeting the healthcare sector. Some attacks can be so crippling that it disrupts their ability to provide care to patients, which can become deadly. Cyber attacks on healthcare facilities in 2020 alone impacted 17.3 million people in 436 breaches, which were tracked by the U.S. Department of Health and Human Services Breach Portal. That is eye-opening considering those numbers are up from 31 breaches affecting 49,000 people in January 2020. Cyber criminals often attack healthcare providers because medical records are best-sellers on the dark web. Knowing that cyber attacks can have fatal consequences and many healthcare organizations may not have adequate cyber security controls, attackers are in a prime position to exfiltrate PHI or get healthcare organizations to hand over ransoms (Source: click here). In 2021, healthcare institutions are going to be tasked with not only the physical health of their patients, but the electronic well-being of their patients.
Legacy security architecture like VPNs may prove to be the weak link for plenty of organizations in 2021. Many businesses viewed legacy security architectures, such as VPNs, as the silver bullet solution for remote work. Unfortunately, this is not a sufficient long-term solution since VPNs can result in latency, hampered productivity, difficulty to scale, and allowing employees excessive access to internal resources. VPNs can also represent liabilities that cyber criminals can easily exploit with the use of ransomware. Looking back at the July 2020 Twitter hack, attackers were able to use an employee’s stolen VPN credentials to access high-profile users’ accounts to promote a Bitcoin scam without ever having their identities authenticated. There are 400 million businesses and consumers using VPNs across the globe. It’s more than probable that we will continue to see VPNs targeted by cyber criminals (Source: click here). Luckily, the popularity of multi-factor authentication has been growing. This approach provides additional security by implementing protection in layers making it more difficult for intruders to gain access to sensitive information. Has your business adopted multi-factor authentication?
Cyber security threats are on the rise and businesses cannot wait to invest in cyber security until after a crippling attack. Guidehouse Insights recommends that executives should designate leaders within your organization who will be responsible for knowing about your networks and endpoints along with the broader global threat landscapes. Also, consider outliers statistically as part of your organizations risk assessments. Forming avenues for sharing information, even if it’s with your competitors, about similar threats, challenges and new trends could prove advantageous since awareness is critical. We can expect the talk around cyber security to only intensify in 2021 with momentum towards a zero-trust security model heating up (Source: click here). Is your business equipped with the tools to fend off an attack?
ACP CreativIT has a dedicated department for cyber security. Whether you’re looking to start protecting your business, or you have a solid foundation and want to ensure you are protected for the future, ACP CreativIT can help. Contact us at contactus@cccp.com to talk to one of our security experts today or visit our cyber security page here.