September 1st, 2021 Read Time: 7 minutes
Justin Sheil is the Content Marketing Manager at Electric. He has 5+ years experience writing about a wide range of technology topics. As part of his role at Electric, he currently functions as the head of the company’s Research & Insights division.
Subscribe to our blog and stay up to date
The year 2020 saw an increase in digital dependency in response to the COVID-19 global pandemic. Businesses were forced to take their operations online and even install new facilitates to support their remote workforce. As fear and uncertainty of the virus continued to spread, cybercriminals took advantage of the shift leading to a 600% increase in cyber-attacks according to the United Nations.
While the world is yet to completely recover from the pandemic, it's clear that cybersecurity professionals ought to stay vigilant in 2021. This is especially true given that the number of the remote workforce is predicted to double in the same year.
Even though businesses were migrating to the cloud even before the crisis, the pandemic acted as an accelerator of the same. Moreover, as the remote workforce continues to grow, cloud adoption will accelerate in equal measure to encourage employees' collaboration.
However, the rushed cloud migration introduces a host of new cloud security threats and challenges. These include access management which is a prime target for cybercriminals in a decentralized workforce setting.
To mitigate these challenges, IT departments will need to work together with the remote workforce by encouraging them to use multi-factor authentication (MFA). This cyber security tool acts as an extra layer of security that prevents unauthorized access to cloud systems.
Other measures include establishing a distinct layout for access management on the server's side. This way, employees will have access to only information pertaining to their department. For example, the marketing department doesn't need to have access to finance department protocols.
Password spray is when nefarious actors obtain a list of accounts at a target organization and attempt to sign-in into all of them in a single go using a small subset of the most popular or most likely passwords until they gain access to one.
In a password spray attack, the bad actor is able to circumvent common countermeasures like an account lock out by “spraying” the same password across a high volume of accounts before trying another password.
These password spray attacks tend to target legacy authentication protocols because they don’t support multi-factor authentication, which is considered the best defense against such threats. Last year, there was an uptick of password spray attacks against healthcare organizations as cyber criminals thought they would be too overwhelmed with the global pandemic to be concerned with security.
Research from Nokia’s Threat Intelligence Report 2020 released last October indicates IoT devices are now responsible for 33% of all infections observed in mobile and Wi-Fi networks, which is up from 16% percent in 2019.
Given that IoT devices are expected to continue rapidly proliferating, the number of IoT infections will continue to similarly increase. Any number of different devices can be susceptible. For instance, in a 2019 Russian state-sponsored hack devices like a VOIP phone, an office printer, and a video decoder were all targeted.
The Nokia report also indicates that nefarious individuals are more successful at infecting IoT devices that are assigned public-facing internet IP addresses. Conversely, they found that the infection rate was significantly less in networks having carrier-grade Network Address Translation, because the vulnerable devices were not visible to network scanning.
Ransomware has been a persistent threat even before the pandemic and is expected to increase despite the growing awareness of the cyber threat. Usually, ransomware attacks occur through phishing schemes used by criminals to gain access to a system. Upon entry, the bad actor withholds all the data and demands payment from the victim to give them back their data.
Unfortunately, it's not guaranteed that the victim will regain access to their data upon payment. What's even worse is that it can be impossible to track the criminal if the payment is made in Bitcoin or any other private cryptocurrency.
The most viable solution to ransomware attacks is relentlessly backing-up your organization's sensitive data, systems, and applications. This way, you can walk away from a compromised system without paying the ransom. You may also consider segmenting your data such that your entire network isn't compromised in case of an attack.
AI is an ever-growing field that is becoming an essential tool in detecting and blocking cyber threats. Similarly, cybercriminals are using AI to advance their attacks and exploit vulnerabilities in systems. AI-powered malware can move into an organization's systems undetected using machine learning. As such, both cybersecurity professionals and cybercriminals are in an arms race to see who will use AI to their advantage.
To counter AI-orchestrated cybercrimes, IT departments will need to keep tabs on the latest developments of AI and machine learning. Armed with knowledge, it will be easier for security professionals to design better AI tools to detect cyber threats early enough.
As the decentralized workforce grows in 2021, it means that employees will be using unpatched devices to access an organization's systems. These devices, unlike those issued by the employer, are less secure resulting in endpoint attacks
Think of an employee working remotely from a cafe using public Wi-Fi. Without sufficient security measures, the employee would end up exposing an organization's data to malicious hackers. Further, if an employee's device lacks robust security systems such as an anti-virus; attackers may infringe the company's data.
Organizations will therefore have to provide their remote taskforce with the technical support required to safeguard their devices from attackers. Most importantly, organizations should encourage their employees to separate their personal data from corporate data. The latter should be stored in a different file and backed-up for recovery in case the device is lost.
A distributed denial of service (DDoS) attack is a cyber threat in which a malicious actor overwhelms a web-based service, preventing others from accessing it. Recent data from Kaspersky shows an increase in DDoS attacks in the first quarter of 2020 as businesses moved their services online. With more people expected to work remotely, these attacks will certainly intensify in 2021 posing serious threats to a business' online systems.
That said, cybersecurity professionals will have to invest in robust log monitoring and analysis tools to detect DDoS threats. Also, organizations will have to use cloud-based DDoS prevention tools rather than relying on traditional firewalls. The latter offers only network layer protection while the former is equipped with additional filtering capabilities to defend against application-layer attacks.
Fileless attacks are a subset of 'living of the land' (Lotl) attacks, which exploit existing files in a victim's device. As the name suggests, these attacks don't depend on file-based payloads nor do they generate files. As a result, they can fly under the radar of numerous detection solutions.
Usually, fileless attacks start with phishing by emailing a victim a link to a malicious website. The bad actor then uses social engineering tactics on the website to retrieve and implement payloads using existing tools such as PowerShell. Remote employees are at a higher risk of falling victim to these attacks as hackers exploit spear-phishing campaigns to bait them.
Since fileless attacks are hard to detect using traditional security tools, extensive behavioral analysis is the only effective way to detect abnormalities in existing files.
2020 was a tough year for IT departments who had to manage the unprecedented shift to online operations. Unfortunately, from a cybersecurity stand, things will only get tougher as security professionals grapple with increasing cyber threats.
The best way to curb these threats is to take adequate preventive measures as outlined above. This way, organizations can safeguard their data and respond to threats early enough before the damage is done.