One of the trends for 2021 you can count on is that cybersecurity threats are not going away. Quite the contrary, they will continue to escalate. Let’s take a look at some of the top cybersecurity threats.
To give you a notion of the severity of cybercrime and its impact on business, here are some figures for 2021 reported by Cybersecurity Ventures:
- Cybercrime damage costs will hit $6 trillion, an increase of $3 trillion since 2015.
- Cybersecurity spending will exceed $1 trillion.
- The world will have 3.5 million unfilled cybersecurity jobs. The unemployment rate for cybersecurity is 0%.
- Damages from ransomware attacks will reach $20 billion, with an attack happening every 11 seconds.
COVID accelerated cyber-attacks. Tanium reported that 90% of executives surveyed said they experienced an increase in attacks owing to COVID. The Internet of Things (IoT) has opened new doors for hackers. Nokia reported that IoT devices make up roughly 33% of infected devices.
Cyber-attacks will become more sophisticated and more frequent. Be prepared, or else.
7 Top Cybersecurity Threats for 2021
Whether you have an internal IT staff, a cybersecurity company, or a combination of both, you need to be ready to handle these top security threats this year.
Nearly one-third of intrusions involve phishing. Moreover, nearly two-thirds of organizations have experienced a phishing attack.
A social engineering attack, phishing is one of the more dangerous threats to your organization because it presents itself as coming from a reputable source. Once an employee clicks on the link, malware will infect their device. That could subject you to ransomware. It will also allow a hacker to log into the account.
How can you protect personal data against phishing?
- Conduct cyber awareness training to alert employees to threat. Phishing attempts often use a salutation like Dear Customer instead of a name.
- Be careful about sending sensitive information. When in doubt, contact the party directly.
- Install anti-phishing toolbars on web browsers.
- Use two-factor authentication.
- Install antivirus software on computers and phones.
2. SMS-Based Phishing
Phishing occurs through emails or web browsing. Smishing occurs through SMS text messages on your phone. Like phishing, the message contains a link. When you click on the link, your device is infected. A hacker can access sensitive data like your account name, password, banking account, and credit card numbers.
Another social engineering attack, smishing attacks are successful because recipients read 98% of text messages. Another 45% respond to a text message. Conversely, recipients read only 20% of email messages while responding 6% of the time. According to Proofpoint, 84% of organizations faced smishing attacks.
Preventing smishing attacks:
- Conduct cyber awareness training and simulations to inform employees.
- Train employees not to click embedded links or downloads directly from a text to eliminate the risk.
- Watch for generic language.
- Look out for messages that contain 5000 or any number that is not a phone number.
- Use a VPN.
- Use spam blocking apps for greater security.
3. PDF Scams
An email instructs the user to open the attached PDF. Of course, when opened, the user is exposed to malware. PDF scams are dangerous because employees associated a PDF document with work. That makes them more likely to be opened. PDF files carry more than 17% of malware attacks.
Employee training is essential. Counsel employees to watch for generic messages or messages with an unusual email. Keep virus protection in place on computers and your network, and make sure it is current.
Malware is the collective term for several malicious software variants, including viruses, spyware, trojans, adware, and ransomware. Typically, it requires a user to take an action that triggers the attack. Once infected, a hacker can steal sensitive information, gain control of multiple computers, and mine cryptocurrencies.
The good news is that Malware attacks are declining. Even so, they hit more than half of organizations last year. According to SonicWall, almost 10 billion attacks happened last year. New variants get introduced every year. Internet of Things (IoT) devices have become a favorite target registering 34.3 million attacks.
You should take aggressive measure to avoid malware attacks:
- Keep your operating systems and applications updated.
- Remove legacy apps in favor of the latest versions.
- Limit the number of apps on devices.
- Deploy a mobile security solution like Todyl.
- Conduct cyber awareness training for employees.
- Only purchase software from reputable companies.
5. IoT Attacks
As mentioned, IoT devices have become increasingly popular. The most vulnerable devices include laptops, computers, smartphones, tablets, networked cameras, and streaming video devices. Endpoints to these devices are just under 6 billion, which increases vulnerabilities.
IoT devices are effectively low-hanging fruit and pose immediate concerns for a variety of reasons:
- 98% of all IoT traffic is unencrypted.
- 57% of IoT devices are vulnerable to medium or high severity attacks.
- 48% of businesses are unable to detect a data breach.
- 10% of organizations are very confident in being protected against an IoT attack.
You can help secure IoT devices by investing in a network analysis tool, using devices that support SNMP, enabling a firewall with an up-to-date router, and patching devices. Most importantly, make sure default passwords are changed to enhance security.
6. Credential Stuffing
Credential stuffing represents a significant threat this year. This attack targets login credentials. Attackers take an extensive list of usernames and passwords. Those lists get stuffed into the login page of other devices. Credential stuffing is particularly powerful when multiple accounts use the same login credentials. The net impact is that a hacker gains access to each of those accounts.
The best way to prevent these attacks is by using unique passwords for every account. Implement a password policy. Use two-factor authentication. You should also log and monitor website traffic over the internet. Typically, the login success rate for a website is 60-85%. If you see a lower success rate, it could indicate credential stuffing.
Managing IPs is also an effective way to prevent credential stuffing. IP rate limiting checks for high-rate log in attempts. If detected, the IP address can be blocked. Poorly funded hackers will often use a small block of IP addresses to make detection easier.
7. Cloud Breaches
With so many businesses now using cloud services, breaches are becoming more commonplace. According to IDC, nearly 80% of companies surveyed experienced at least one cloud breach during the past 18 months. Another 43% reported ten or more.
Cloud misconfigurations (67%) are a common source of the issue, followed by a lack of visibility into access settings (64%) and identity and access management permission errors (61%).
To avoid cloud breaches, take these steps:
- Encrypt system data regardless of location.
- Use closed access security broker methods.
- Allow just enough access (JEA) to devices and data.
- Monitor traffic and domain audits.
- Have backups available.
There Are Even More Cybersecurity Threats Waiting for You
We covered seven of the top cybersecurity threats. Others include man-in-the-middle attacks, distributed denial-of-service attacks, DNS tunneling, crypto-jacking, and drive-by attacks. Sadly, even that list isn’t all-inclusive.
All of this is to say you can never let your guard down when it comes to cybersecurity. Your risks even increase depending on your industry. Healthcare routinely faces threats from cyber-attacks. Manufacturing, financial services, and government are equally at risk.
And if you’re a smaller business, your risk potential increases often owing to limited budgets or staffing concerns. If breached, the average financial impact for an SMB is $117,000. Phishing is your number one concern. Insider-related cyber incidents cost organizations of 500 or fewer employees an average of $7.68 million per incident.
The Federal Bureau of investigation, yes, the FBI, recommends SMBs supplement internal efforts with a cybersecurity company or consultant.
Want to Make Sure You Don’t Fall Victim to the Top Cybersecurity Threats?
Get a FREE security assessment to uncover potential exposures. Just give us a call or complete the form.
We deliver IT support to small and mid-sized businesses in Harrisburg, Lancaster, York, Lebanon, Carlisle, and Reading. Our cybersecurity services include multiple layers of protection to make your IT operations virtually hack-free.
You can count on us for a fast response. Our average time to ticket completion is just over 2.5 hours.