Blog Post Heading
Blog Post Content
By Marco Martinez
Editor, MindEdge Learning
From the COVID-19 pandemic to the recent SolarWinds security breach, there has been no shortage of bad news in 2020.
The pandemic has opened up a Pandora’s box of opportunities for computer hackers to exploit, and they have been more active—and successful—than ever before. In nearly every industry, attacks have increased and have resulted in costly and embarrassing information breaches. And those are only the breaches that are publicly known!
What does the New Year hold on the cybersecurity front? Without benefit of a crystal ball, here are our Top Three Cybersecurity Predictions for 2021:
- Malware: Old and new malware will be the top methods that hackers use to steal, lock up, and destroy data. Municipal governments, healthcare organizations, and school districts will likely be victims of ransomware.
- Web-based attacks: These attacks on browsers, websites, and web services will contribute to an increase in credential theft and the skimming of payment information. This in turn will lead to more banking fraud, phishing attacks, and identity theft.
- Phishing: The spread of malware and fraud schemes will continue as people click on websites and email links claiming to be legitimate businesses. Scams will likely take advantage of the deluge of COVID-related news to help fuel the spread of attacks.
Oh wait—these attacks already happened in 2020! That’s right, and we’re predicting that they’re going to happen again in 2021. Although the order of the list may change, these threats will persist through 2021, and perhaps beyond. The reason is simple: people just don’t seem to learn from past mistakes.
Think back to last spring, when the surging pandemic forced widespread lockdowns of businesses and schools. In the rush to get everyone working or learning online, the security of remote connections was not a high priority. At the same time, many malware attacks in 2020 featured news about the novel coronavirus, tricking people into opening dangerous email attachments or clicking on malicious websites. The results: while expanding access to more and more people, many organizations and businesses neglected basic security hygiene. Instead, they contributed to a more hazardous security situation known as “network sprawl,” as more and more unsecured devices accessed corporate networks.
Similarly, as educators scrambled to address emergency remote learning, they had to move quickly to implement untried learning plans and go fully online. The majority of school districts, colleges, and universities never had a contingency plan to handle this volume of online teaching. These same schools also never planned how to scale up training for educators, to help them teach in a virtual environment. As teachers and students alike had to adjust to video conferencing, new learning platforms, and isolation, few considered the security issues that this would bring. This led to zoom bombing and credential-stealing attacks in unprecedented numbers.
In the healthcare sector, the pandemic allowed attackers to focus on the fear and uncertainty associated with the virus. Again, security was not top-of-mind for most healthcare organizations. This resulted in a more expansive “attack surface,” where attackers could deploy malware that targeted more and more remote workers and vulnerable medical devices. Also, the first ransomware-related fatality occurred after an attack on a hospital in Düsseldorf. And the recurring attacks by the Kwampirs Remote Access Trojan provided a vivid example of an advanced persistent threat (APT) that has already cost organizations millions of dollars in damages.
The target-rich environment that the pandemic helped create has led to the use of many novel attack methods. Not only have old and new malware been combined in unique ways, but various criminal syndicates and even state actors have joined forces and swapped attack tools on the dark web at a furious pace. Protecting against the top threats listed above would naïvely leave out a host of other attack methods that can be equally devastating when successful. This is why it is more crucial than ever for organizations to provide continuous security awareness training that addresses this rapidly changing threat environment.
Waiting for an attack to happen is not a viable strategy any more. We all must become better at practicing basic security hygiene. At a minimum, we should be able to identify many of the indicators of the most common attacks, and know how to protect against them. In essence, we all have to become cyberthreat hunters.
For a complete listing of MindEdge’s course offerings on cyber security and CISSP®, click here.
Copyright © 2021 MindEdge, Inc.