Few could have predicted that 2020 would be dominated by COVID-19. As governments worldwide encouraged people to stay home to control the pandemic, thousands began working from home and businesses accelerated their digital transformation plans. While this had some huge benefits, it also highlighted the vulnerabilities of enterprise security.
With so many employees accessing corporate networks from remote locations, sometimes on unprotected devices, cybercriminals took note and exploited these endpoints to try to gain access to corporate data. As businesses continue to champion remote working long-term and threat actors become more sophisticated, these risks need addressing. Let’s take a look at my top cyber predictions for 2021.
Ransomware was the most observed threat in 2020 and became more dangerous than we’ve ever seen. From initially blocking access to systems, devices or data for a ransom, attacks have transitioned into encrypting systems and using cryptocurrency as a form of payment, and they are now finding ways to become self-spreading.
According to one estimate, ransomware accounted for 81% of financially motivated cyberattacks in 2020 and global attacks rose by 110%.
Cybercriminals are establishing new profitable and scalable business models, which will give rise to even more ransomware attacks in 2021 and beyond. Alongside finding new ways to infect businesses with ransomware, through Virtual Private Networks and mobile phones, they are also starting to steal company data, thereby turning ransomware attacks into data breaches and extortion.
Solutions like Cyber Insurance, Breach Response and Forensics Services or Managed Security Information and Event Management (MSIEM) can help protect your business, as can simple steps like encouraging cyber awareness amongst your teams and backing up data in the cloud.
The pandemic also became a fertile ground for malicious campaigns as cybercriminals leveraged the uncertainty and anxiety around COVID-19 for their social engineering attacks.
Effective social engineering attacks are believable because they are consistent with what’s happening around the victim, whether it’s current events, activity in the workplace, or events in their personal life. So it’s perhaps no surprise that they preyed on such an obvious topic. As the fight against coronavirus continues into 2021, scammers will continue to use the virus to trick people into sharing sensitive information, using fraudulent emails, spam, and phishing attempts around vaccine-related issues and other health response efforts.
Your best line of defence is to educate your employees and tighten up your authentication processes with either multi-factor authentication or a Zero-Trust model.
The number of cloud users grew last year and will continue to do so as businesses turn more to cloud environments to support remote and flexible ways of working.
With larger amounts of sensitive data in motion, cybercriminals are much more likely to target your cloud solutions, quickly integrating newly disclosed flaws and vulnerabilities in popular software into their campaigns. In addition, the increasingly dense overlay of numerous connected devices, apps and web services used in our professional and private lives will grow the cloud attack surface.
While this threat isn’t new, what is new is the blend of information flowing from personal and business devices and the increasing remote access to cloud-based products like Zoom, Microsoft Teams and Office 365 as employees log on from home.
The transfer of sensitive information over unsecured or unsanctioned channels, such as instant messaging apps or personal emails, will start to play a key role in data breaches and leaks. Remote workers are the low-hanging fruit here. Rather than focusing on protecting the network infrastructure, businesses need to focus on the connections and move to user-centric security controls, such as Zero-Trust architectures.
Educating employees on security policies and working with cloud providers who already integrate security within their offering is also an important part of protecting your business.
Rather than attacking large firms, which have complex and mature security systems, threat actors have begun to turn their attention to smaller suppliers with less-sophisticated protection. There will also be more attacks where cybercriminals target large organisations to infiltrate their extensive supplier and customer base.
With this in mind, businesses of all sizes, in all sectors, need to be prepared.
For small and medium-sized enterprises, that means making sure they aren’t the weakest link in the supply chain by carrying out vulnerability assessments, protecting endpoints and networks and training employees. Multi-national companies, meanwhile, will want to make sure suppliers match their levels of security by conducting vendor management assessments and setting new standards of compliance.
Vodacom Security Solutions has all the key components to help make your business IT infrastructure safe and secure, preventing unauthorised access and managing threats. Vodacom provides end-to-end security solutions, leveraging skilled resources and cutting-edge technology to secure IT systems and networks. Visit Vodacom Business online for more information.
-
Head of Cybersecurity,
Vodafone Business