Key Trends In Cyber Security

Most business ventures rely on lessons learned to improve outcomes. They analyse what they did right or wrong to fill gaps and adapt strategies for future success. The cyber security industry should also follow this model. However, no one expected 2020 to turn out the way it did, and most of us hoped 2021 would see some marked improvements. Unfortunately, this hasn’t been the case so far. 

The first month of the year saw peak infection rates in many parts of the world. It means many of the same security challenges will continue into the near future with no apparent recovery in sight. 

With rates of cyber crime rising fast, the global pandemic has opened many opportunities for malicious actors in 2020.  At not quite its mid point, this year might turn out to be a similar story. The shift into remote learning and working has allowed hackers to easily access employees that are no longer surrounded by encrypted computers or protected networks in their typical workspaces. Here are some key trends to follow:-

Continued Growth Of Phishing, Spear-phishing & Social Engineering Attacks

These common threats have risen significantly since the beginning of the pandemic. There is every reason for cyber criminals to look for ways to vary their approaches and find the highest response rate. Security firm KnowB4 reported a 600 percent increase in phishing attacks in the first quarter of 2020. This figure has since abated as everyone has adjusted to COVID-19-related changes. However, many employees are still susceptible to the ongoing barrage of phishing attempts. Kaspersky has found that phishing attacks are becoming more sophisticated and numerous security specialists have warned of increased spear-phishing in the coming year.

Growth Of Malicious Insider Attacks

Even before COVID-19, the 2020 Insider Threat Report from Cybersecurity Insiders found 68 percent of organisations considered themselves vulnerable to insider threat. The pandemic has only worsened this situation with a continual rise in insider attacks. The transition to remote workspaces has also brought about a range of significant security challenges. This trend is unlikely to abate in the next year.  

Remote Workers Are Targets For Ransomware Attack

The trend towards working remotely or from home looks set to continue. Upwork predicts an 87 percent increase in remote workers in the US by 2025. Almost half of the American workforce is now fully remote. In the UK, Locatee reports that only 7 percent of UK professionals plan to return to the office when possible. Added flexibility could bring more benefits than drawbacks for employees.

Remote work also means increased pressure on security teams to locate the security gaps hackers are looking to exploit. In particular, this has been in ransomware attacks. They saw a seven-fold year-over-year increase in 2020. Attackers have been innovating and taking advantage of employees working remotely through extortion and data exfiltration. 

SMEs are best advised to develop a rigorous security policy for employees working from home and increasing security measures. This includes endpoint protection and secured Wi-Fi connections.

Automation Will Drive Increased Security Vulnerabilities

To provide solutions for a workforce that has shifted to working remotely in a relatively short period, organisations have increased digital transformation plans. Organisations are increasingly automating multiple operational processes using artificial intelligence, machine learning and robotic process automation (RPA). These can increase productivity and improve security for remote workers. However, there are also vulnerabilities whenever new systems have been deployed. 

Cyber criminals can exploit automation to pick up on patterns and identify any vulnerabilities. They can also gather data to be used for launching malicious attacks.

Cloud Adoption Is Leading To Gaps In Security

Since the beginning of the pandemic, the widespread increase in cloud adoption is hardly surprising, even though overall IT spending has fallen. Synergy Research Group reports that in the first quarter of 2020, spending on cloud technologies increased by 37 percent.In many ways, cloud technology has prevented the pandemic from causing a much larger crisis and economic downturn. 

One aspect of the mass migration to the cloud is an increase in security threats where organisations put employee productivity before security. 

One cause may have been through businesses failing to secure cloud storage. Another is allowing credentials to be available in source code with numerous consequential breaches as a result. In 2021, security teams should address issues that have resulted from the shift to the cloud as a priority.

Attackers Taking Advantage Of Compliance Challenges

The EU-US Privacy Shield allowed organisations to transfer data between the EU and the US. It was revoked by the European Court of Justice in July 2020. More than 5,000 companies were required to update their systems immediately, with no grace period. There are two possible alternatives to the privacy shield, Standard Contractual Clauses and the Binding Corporate Rule. Disruptions in compliance represent a higher level of risk for organisations that deal with personal data. It took a long time for businesses to organise all their personally identifiable information (PII) for the GDPR coming into force in 2018. Since then, many large companies like EasyJet have been fined following security breaches. 

To make matters much worse, criminal groups are well aware that organisations have extra incentive to avoid breaches being made public. It means they are more likely to pay ransoms.

Continual Rise In Ransomware Attacks

Ransomware attacks are growing and the third quarter of 2020 saw a 139 percent year-over-year increase in ransomware attacks in the US. These are also growing in scope with the use of leakware, which steals plain text data then encrypts it. They are becoming more damaging and costly than ever. The average ransom amount increased from $110,000 to $170,000 from the first to the third quarter of 2020.

Cyber criminals are making some allowances for the healthcare industry during the pandemic, though not enough. An attack in Germany resulted in the death of a woman who was unable to receive treatment.

2021 does not offer us much more certainty in terms of the global crisis, which is expected to take more time to improve. There is still a great deal of pressure on security teams to keep up with the changing environment and show the capacity to innovate faster than cyber criminals. 

But as with the blight of the coronavirus itself, we still have the collective potential to prevail in the face of adversity. To reduce the chances and effects of cyber attacks important aspects is to ensure you have an effective cyber audit process and cyber security training. 

Forbes:     RockDoveSolutions:         Straight Edge Tech:     Enterprise Times:      24By7 Security

Cyber Security Intelligence can recommend leading experts in Pentesting, Cyber Audit trials and Cyber Security Training . Please contact us for details.

You Might Also Read:

Cybercrime’s Deadly Impact On Business:

 

« Securing Smart Devices
Apple Hammered By EU »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

BruCON

BruCON

Brucon is Belgiums premium security and hacking conference.

Telos

Telos

Telos offers cybersecurity solutions and services that empower and protect the world’s most security-conscious enterprises.

Clusit

Clusit

Clusit is the Italian Association for Information Security, a nonprofit organization devoted to promoting every aspect of information security.

Fortress Group

Fortress Group

Fortress is specialized in confidential and discrete recruitment solutions and temporary staffing in the field of security and risk management.

Global Station for Big Data & Cybersecurity (GSB)

Global Station for Big Data & Cybersecurity (GSB)

GSB is an interdisciplinary research hub to cover big data, information networks, and cybersecurity.

Verlingue

Verlingue

Verlingue (formerly ICB Group) is a leading corporate insurance broker providing Insurance, Risk Management and related advice to businesses and private clients.

Network Integrity Systems

Network Integrity Systems

Network Integrity Systems is a leader in network infrastructure security and offers solutions specifically developed for Government and Private Enterprise.

Atempo

Atempo

Atempo is a leading independent European-based software vendor with a global presence. We provide solutions to protect, store, move and recover all your data.

Asoftnet

Asoftnet

Asoftnet are specialists in IT security, IT forensics, IT service, websites, applications and mobile solutions.

FTAPI Software

FTAPI Software

FTAPI SecuTransfer is a software solution for end-to-end encrypted data exchange of large and sensitive data with customers and partners.

NetKnights

NetKnights

NetKnights is an independent IT security company which offers services and products for strong authentication, identity management and encryption.

VerSprite

VerSprite

VerSprite is a specialist information security consulting firm. We provide organizations with detection across all their attack surfaces and deliver critical insight into all possible attack methods.

US Marine Corps Forces Cyberspace Command (MARFORCYBER)

US Marine Corps Forces Cyberspace Command (MARFORCYBER)

US Marine Corps Forces Cyberspace Command (MARFORCYBER) conducts full spectrum military cyberspace operations in order to enable freedom of action in cyberspace and deny the same to the adversary.

Acmetek Global Solutions

Acmetek Global Solutions

Acmetek is a Global Distributor and a Trusted Advisor of PKI /IOT & SSL Security Products and a Managed Services Company.

Nicoll Curtin

Nicoll Curtin

Nicoll Curtin is a global company with over 20 years of experience in connecting outstanding talent with industry leading companies within Technology, Change and Cyber Security.

Karate Labs

Karate Labs

Karate is an open-source unified test automation platform combining API testing, API performance testing, API mocks & UI testing.