In 2020, the world experienced not only a pandemic, but also a dramatic increase in cybersecurity threats. The rise was driven by several factors, from the advent of COVID, to an expansion of work-from-home culture, to an escalation in ransomware attacks. Email phishing campaigns were snaring their victims. Unsecured home devices were being hacked. Even large technology companies were breached.
Although much of the world is now getting the pandemic under control, when it comes to cyber threats, 2021 looks a lot like last year. In fact, cybercriminals are doubling down on their successful schemes and creating new threats. What’s more, companies are worrying not just about getting their systems breached, but also about falling out of compliance with an ever-expanding number of security and data privacy regulations.
Here are four leading cybersecurity threats to be aware of in 2021:
Cybercriminals go phishing during COVID
Savvy cybercriminals began exploiting new vulnerabilities created by the work-from-home culture that sprung out of the pandemic. A significant vulnerability was employees’ home email accounts. Hackers launched unrelenting phishing attacks on them when they were at their most vulnerable. Studies show that, at the start of the pandemic, people were three times more likely to click on a phishing link and share their private information.
Phishing is the fraudulent attempt to obtain sensitive information, such as passwords and credit card numbers, by impersonating a trustworthy source. The first wave of email phishing attacks attracted people with keywords, like “pandemic” and “virus diagnosis.” Later, the cyber attackers switched it up to include terms like “vaccine” and stimulus checks.” In 2021 and moving forward, hackers will continually look for the next wave of terms to use to hook their victims.
Cybercriminals hit the home front
Along with phishing, at-home workers’ devices were also at risk. Unlike the office setting, where security measures can be enforced with rigor, companies can’t maintain security in thousands of workers’ homes. As a result, in 2020, security professionals struggled to “secure the perimeter,” a phrase that means monitoring the internal network using traditional perimeter monitoring and access controls, such as firewalls and network intrusion detection systems.
One of the most common attacks that hit the home front was stealing credentials through virtual meeting apps like Zoom. Fighting at-home risks requires companies to improve their endpoint management solutions, which enable control over data and apps. This is critical because 84% of IT leaders anticipate broader and more permanent work-from-home adoption in 2021 and beyond.
Major third-party breach catches cybercriminals’ attention
Most people have heard about one of the biggest cyberattacks on an American company. In 2020, hackers secretly broke into systems at Texas-based SolarWinds and added malicious code to its product, called Orion. The company unknowingly sent out software updates to many of its 33,000 customers that included hacked code. This created a backdoor into their customers’ systems, which allowed hackers to install malicious (malware) software. The success of these cyber criminals caught the attention of other hackers, who also want to log a big breach under their belts.
Cybercriminals escalate ransomware attacks
Ransomware was a growing method of attack in 2020 with a 300% increase by April, according to the FBI, and a seven-fold rise in attacks by mid-year. This is an attack using malware that threatens to publish or block access to data or computer systems, usually by encryption, until the victim pays a ransom fee to the attacker.
Ironically, the attacks increased in 2020 because so many companies tried to mitigate the threat by purchasing ransomware insurance. The cybercriminals realized that companies will now pay them to gain back access to their systems rather than try to fight the attack. The trend is on track to continue in 2021. Preventing ransomware attacks is accomplished with a back-to-basics approach that includes stronger security hygiene, like timely patching, regular backups, and enforced least-privilege access policies.
As the technologies to fight cybercrime get smarter, so do the criminals. To win the battle, businesses need to make cybersecurity a top priority by deploying a sound security strategy and advanced tools. Partnering with Managed Service Providers with IT security expertise adds another layer of security that helps mitigate security risks, as well as rapidly handle any threats.
If you could use some help from one of our Managed Service Providers, fill out a needs assessment here: