Cybersecurity Trends That Will Impact Your Business
It’s hard to believe we’re three-quarters of the way through 2021 – time flies, as they say. So, let’s look at some of the cybersecurity trends presented earlier this year. Many have morphed from trending to becoming a full-blown reality.
Here’s a look at some of the top trending items for 2021:
Ransomware Attacks Escalate
Let’s start with the obvious one – ransomware. Far from a trend at this point, ransomware attacks have become public enemy number one for most organizations. Attacks nearly doubled during the first half of 2021. Last year, 1,112 ransomware attacks happened the entire year compared to the first six months this year when 1,097 attacks took place.
Moreover, ransomware victims grew by almost 100% through June. Three ransomware groups were responsible for 60% of the attacks. Estimates reflect, however, more than 120 separate ransomware families and hackers pose threats. Conti, Avaddon, and REvil lead the pack.
The United States remains the most targeted country, with 54.9% of total victims. Meanwhile, five industries constitute 60% of the targets, with Manufacturing topping the list by accounting for 30% of victims:
- Financial Services
- Legal and Human Resources
Over time, ransomware attackers have grown in sophistication. Indeed, social engineering attacks, in general, show more complexity. Phishing exploits incorporate machine learning, for example. Plus, attackers now share and coordinate more aggressively on the dark web.
Learn what you can do to prevent ransomware attacks.
Insider Threats on the Rise
It’s natural to think that cybersecurity threats only come from outside your organization. But data suggests otherwise. According to Carnegie Mellon, all industry sectors consistently experience insider incidents from trusted business partners, ranging from 15% to 25% of breaches. Moreover, Forrester predicts that insider breaches will increase by 8% this year and account for 33% of cybersecurity incidents.
No industry is immune to an insider threat, although the percentage varies:
- Finance and Insurance: 38%
- Federal Government: 31%
- Entertainment: 30%
- Information Technology: 22%
- Healthcare: 18%
- State and Local Government: 30%
Irresponsible employee behavior coupled with a lack of vigilance allows insiders to exploit security. As a result, companies need to take action to cover security gaps.
Remote Security Threats
One of the significant business shifts stemming from the pandemic is a more pervasive remote workforce. Upwork estimates that more than 26% of the U.S. workforce will continue to work remotely through the end of the year. In 2025, it estimates that the number will only drop by four percentage points to 22%, but that’s still an 87% increase compared to pre-pandemic levels.
Unfortunately, remote workers present headaches for organizations because of the cybersecurity risks. Typically, home offices lack the security associated with a centralized office. That leaves the door open for drive-by wireless attacks, especially in complexes where hackers can target significant numbers of people. In addition, home-based workers tend to demonstrate poor cybersecurity practices.
Companies must now expand their security posture to identify additional security vulnerabilities, improve and implement security controls, and ensure proper monitoring and documentation of remote workers and their equipment. A more mobile workforce also demands increased attention to mobile security.
You can learn more about the security issues of a WFH workforce and how to reduce your risks here.
Supply Chain Attacks
In 2020, 82% of organizations experienced a data breach owing to a supply chain cybersecurity weakness. As a result, cybercriminals continue to feast on supply chain vulnerabilities, increasing their attacks by 42% in Q1.
VMware reported that 50% of today’s cyber-attacks target a network along with other networks attached via a supply chain. Once a hacker penetrates your network, they’ll move laterally to other networks, escalating their privileges to gain control over your systems. Additionally, many infiltrators lie dormant for extended periods collecting and exfiltrating data.
Expansion of Cloud Services and Cloud Security Risks
With the increase in remote workers and a desire to collaborate more online, cloud adoption is beneficial. After all, it delivers scalability, efficiency, and cost savings. As a result, global cloud services spending projects to $1 trillion in 2024, with a CAGR of nearly 16% from 2020-24 (IDC).
But even as cloud services offer significant benefits, they come with increased cyber risks. For instance, attackers view cloud services as a prime target. Misconfigured settings often lead to data breaches, unauthorized access, insecure interfaces, and account hijacking.
The cloud raises even more potential concerns:
- Ensuring regulatory compliance across jurisdictions
- Providing sufficient IT expertise to handle the demands of cloud computing
- Cloud migration issues
- Dealing with more potential entry points for attackers
- Insider threats – some accidental, some intentional – caused by unauthorized remote access, weak passwords, unsecured networks, and misuse of personal devices
Despite the list of concerns, the cloud remains a high on-the-radar service for organizations. Paying attention to cloud security best practices remedies most concerns.
The Internet of Things (IoT)
The 2021 Director of National Intelligence (DNI) report estimates that the IoT will reach 64 billion objects by 2026, monitored in real-time. In addition, the McKinsey Global Institute reports that 127 new devices connect to the internet every second. IoT devices deliver various benefits to businesses – improved measurements, great agility, increased efficiencies, faster response, and more convenience.
By the same token, IoT devices expand the cyber-attack surface, giving hackers even more options for breaching networks and exfiltrating data. IoT devices have fewer processing and storage capabilities, making employing firewalls, antivirus, and other security measures challenging.
The IoT relates to supply chain vulnerabilities due to networks and devices’ proliferation. Hackers take advantage of poor security practices by suppliers, compromised hardware and software, and insider threats.
The combination of work-from-home, mobile device security, and IoT presents major cybersecurity concerns that many organizations fail to navigate.
Multi-Factor Authentication Changes
MFA represents a standard for authentication. Microsoft, for example, indicated that it blocks 99.9% of account compromise attacks.
Well, times are changing. Cybercriminals are uncovering new ways to bypass it through SMS or phone calls. Although SMS offers a level of security, messages themselves lack encryption. Consequently, threat actors perform man-in-the-middle attacks to capture the one-time passcode in plain text.
The banking sector presents one of the most significant risks for this type of attack because it typically conducts authentication through SMS. As a result, Microsoft now recommends using app-based authenticators like Google Authenticator and security keys versus phone-based MFA.
Zero Trust Architecture Becomes More Mainstream
Although zero trust has a solid footing among tech enterprises, it has only recently garnered the attention of non-tech companies. COVID and move to remote workforces started the movement. But President Biden’s recent executive order raised its specter even more, pushing many cybersecurity software vendors to include it with their offerings.
Zero trust espouses four principles:
- No user should be trusted
- VPN and firewalls only guard the perimeter, rendering them inadequate
- Identity and device authentication apply to the entire network and not just the perimeter
- Micro-segmentation reduces the risk and impact of hackers
A zero-trust platform also supports the layering of new functions on top of components within your existing infrastructure. As a result, organizations retain current security investments. Learn more about a zero-trust architecture.
Use of Artificial Intelligence Expands
The cyber-threat landscape has evolved so that humans can’t handle it alone — enter artificial intelligence (AI). Consequently, organizations increasingly turn to AI to expand and improve their IT infrastructure.
AI analyzes massive quantities of data at risk quickly. In addition, it offers more robust threat detection. Plus, AI delivers a host of other cybersecurity solutions like automated security systems, face detection, natural language processing, and automatic threat detection. And it comes with cost savings for companies – organizations that suffered a data breach with AI fully deployed saved an average of $3.58 million last year, according to IBM.
Unfortunately, cybercriminals reap the benefits of artificial intelligence equally. AI allows them to automate attacks using data-poisoning and model-stealing techniques.
Greater Reliance on Cyber Insurance
With cyber-attacks constantly on the rise, companies become more exposed. As a result, more organizations turn to cyber insurance for protection. Just under 50% of medium and large-sized organizations purchased insurance last year. Roughly 25% of those same companies did so in 2016.
Unsurprisingly, cyber insurance premiums reflect an increase due to increased exposure. Premiums for most midsize and large companies rose 20%, while small businesses saw a 7% increase.
Some industries saw notable claim increases from H1 2020 through H1 2021:
- Professional Services: 53%
- Information Technology: 46%
- Nonprofits: 30%
The most frequent causes of cyber insurance claims are hacking, ransomware, phishing, and employee negligence. Accountants, medical offices, and apartment buildings typically pay the highest premiums for cyber insurance, considering they possess social security numbers, birth dates, and other sensitive information.
Need Some Help with Your Security?
Apart from the concerns mentioned above, trends also point to more reliance on having a Security Operations Center (SOC), deployment of SASE, and data privacy as a discipline, among others. On top of that, severe shortages of qualified cyber professionals continue to make cybersecurity more daunting.
If you’re a small or medium-sized business, staying on top of the ever-evolving cybersecurity landscape isn’t easy. That’s where we come in. As a managed IT services provider, we stay on top of the developing trends to make sure you stay ahead of the security curve.
Our cybersecurity services focus on deploying layers of security to create the most comprehensive barrier possible against cyber-attacks. Call us today if you’re looking for a cybersecurity company near you in the Harrisburg, York, Lancaster, Reading, Allentown, or Carlisle areas. We’ll make your company virtually hack-free.