It’s fair to say a lot changed in 2020. It was an unprecedented year, full of uncertainty, both economically and politically. 2021 has started much the same, with anytime, anywhere, remote working patterns remaining prevalent in the business world. The move to remote working was sudden and sharp, and the result was an extra strain on IT systems and security.
For most businesses, adopting remote working principles significantly heightened their risk. Where employees were once using on-premise IT networks and secure applications, they are now using home WiFi and personal devices to access business information.
Of course, while the pandemic was sweeping across the world, cyber threats weren’t sitting back idly. Where there are vulnerabilities, there are threat actors looking to exploit them. The already quickly-evolving threat landscape became business-critical as the digital capabilities of businesses were stretched to the limit, and that remains in the early part of this year. We are now, more than ever, reliant on our technology. But with that reliance comes the need to ensure it’s safe and secure usage.
Here are the key cyber security trends to watch out for this year.
1. Home working expands the threat landscape
With remote working expected to stay, it’s inevitable that we’ll see more human error-led cyber fails than before. This is because of a few reasons: Security complacency from being outside the IT network and employee fatigue from being burnt out. Businesses need to quickly adapt and improve employee understanding of the threats as well as adopt the right technology to firstly enable employees to work seamlessly remotely and secondly work securely.
The better education of employees is vital to combatting cyber threats, with people remaining one of the biggest security weaknesses for every business. Employees need to know what to do when they’ve made a cyber mistake (especially now they can’t simply go and ask someone in IT), the threats to watch out for, and ensure they take regular breaks to ensure mistakes aren’t made.
Cloud technologies and services have been vital for ensuring business-as-usual during the pandemic, but this has also placed a lot of dependencies on apps such as Skype, Zoom and Microsoft Teams. This will have a lasting impact and businesses need to be prepared for an uptick in endpoint protection to ensure employee devices are fully secure.
With the pandemic ongoing, securing the remote workforce will be a key battle between cybercriminals and businesses this year. For hackers, unsecured personal devices, WiFi and applications will have them licking their lips.
2. Insider threats remain a key
The workforce is changing dramatically at the moment with continual change expected. This will create a prosperous opportunity for those looking to exploit insider threats. Research by Forrester suggests that the increase in remote working will see data breaches from insider threats jump from 25% to 33% in 2021. There have even been rumours of ‘undercover workers’ posing as fake employees who get hired remotely, getting access to sensitive information with the network.
3. Backing Up and Encryption
Enabling automatic company backups is one of the only ways to ensure your data is available if you ever suffer a breach. Encrypting data whenever possible will also make it incredibly difficult for a cyber criminal to compromise files or electronic messages that could be sensitive.
3. Inbox vulnerabilities
As with the above, exploiting employees will be a challenge today and in the future. Email vulnerabilities are arguably the biggest threat and easiest entry point for the bad guys. Emails are regularly the perfect carrier of malware infecting software and ransomware attacks.
Unfortunately, email phishing attacks have never been easier for criminals to execute, mainly due to automation. Cyber criminals have already begun to automate spear phishing and this is expected to increase in 2021, meaning the volume of phishing emails being sent will be dramatically increased – improving success.
The upside is automated phishing emails will likely be less complex and easier to spot than manually created attack emails. Regardless, ensuring employees are up-to-date with what to look out for is vital. At a very basic level, if an email looks dodgy, make sure they don’t click it!
4. The AI boom
The vast amount of daily attacks today means that human defence is no longer enough. Businesses must continue to look to new technologies such as AI and machine learning to better identify threats and take quicker action.
The practical implementation of advanced AI is still to be realised across most industries, but the potential benefits are clear. Applying AI and machine learning will significantly improve threat intelligence, automate effective countermeasures and help to free up burdened IT teams in the future.
5. 5G and the mobile opportunity for hackers
The mobile threat trend will continue to evolve quickly, especially with the rise in 5G. Mobile threats already include threats such as spyware to view encrypted messaging and the exploitation of vulnerable apps on certain app marketplaces.
Mobile-focused security needs to form a part of overall cyber security programmes to ensure the safe use of mobile devices. The result could well be a fundamental shift from secure IT corporate networks to cloud-based security solutions. However, employee awareness will still be vital to ensure mobile devices, tablets and more are not compromised.
The full impact of 5G is yet to be known, but the adoption will not be a walk in the park. There will almost certainly be vulnerabilities to exploit for both businesses and consumers and secure 5G networks won’t be an easy fix.
6. Financial incentives driving ransomware attacks
With economical difficulties facing many in this uncertain time, financially motivated crime is bound to increase. Ransomware, which involves holding business/personal data hostage until a ransom fee has been paid, has been a significant business threat and profitable cyber criminal activity for some time. This is bound to increase in 2021.
The more educated the workforce against scam emails and files, the better protected against ransomware. However, a single file download or open when connected to your business network can cause significant damage to your business.