In 2020, the number of cybersecurity threats as a result of the corona pandemic increased significantly worldwide. Savvy cybercriminals found new ways to exploit vulnerabilities with the trend to work from home during the crisis. For example, computers used in the home office were hacked. New phishing attacks triggered by buzzwords such as “diagnosis of the virus” or “economic stimulus package” also appeared for the first time. Widely used technical systems such as Windows PowerShell were targeted and login details for Zoom were stolen.
What
about the biggest security threats a year later? A large number of the
dangers mentioned have not yet been resolved this year either. In
addition, new security gaps appear. Cybercriminals continue to force
the attack methods that have proven so successful over the past year and
develop new threats to exploit the most important vulnerabilities in today's IT
landscape.
Threat # 1: Extending the Perimeter to Employees' Homes
Due
to the increasing number of employees who have been working from home since
2020, companies are expanding their perimeter to include their workforce's
apartments. As a result, security professionals have difficulty using
traditional perimeter monitoring and access controls such as firewalls and
intrusion detection systems to monitor their internal networks. In addition, 84% of all IT managers expect a further
and more permanent spread of homework even after the pandemic,
which means that these challenges will be with us this year and beyond.
IT
teams must therefore increasingly rely on effective systems for endpoint
security, such as tools for Mobile Device Management (MDM) and Secure Access Service Edge (SASE). Such
tools provide better visibility and control over the data, including when it
comes to third-party applications like Zoom, Slack, and Microsoft 365. This approach also includes traditional means of securing endpoints by ensuring that
security tools such as antivirus, malware -Protection installed, patches up-to-date,
secure configurations set and endpoints protected.
Threat # 2: Criminals Become Aware of External Hacker Attacks
With the successful
SolarWinds hack, the subsequent attack on over 300 of the
company's customers, and other third-party data breaches,
more and more companies are focusing on their third-party risk management
programs. This development illustrates the increased sophistication,
complexity and tenacity of the attackers.
Mergers,
acquisitions and licensing management should work more closely with the
governance, risk assessment, and compliance teams to prevent such third party
attacks from disrupting their networks. A thorough security check of all
external providers are crucial. In addition, such in-house cooperation
prepares companies for compliance regulations that will be more effective in
the future, which will require more comprehensive and sound risk management
programs for third parties.
Threat # 3: Growing Ransomware Attacks
The
number of ransomware attacks rose significantly in 2020: According to the FBI,
it grew by 300% by April alone and by the middle of
the year it had increased sevenfold. In 2021, it
looks like attacks of this type will continue to be among the strongest
threats.
One of The reasons for this is that more and more companies are taking out insurance against
ransomware, which has not escaped cybercriminals. Since
the companies are covered by insurance, the amount required to decrypt the data
is simply paid instead of repelling the attack. The attackers achieved
quick successes.
A good approach to preventing ransomware attacks is to go back to the basics of cyber
hygiene. This includes, for example, timely patching, enforcement of the
principle of “least access rights” and regular backups in secure storage locations.
Threat # 4: New Forms of Phishing Email Scams
In
2020, both the number and the complexity of attacks with phishing emails
continued to increase. Cybercriminals use phishing to distribute
malware, steal access data and fraudulently deprive users of their money. Study
results show that at the beginning of the pandemic, users were three
times more likely to click on a phishing link and enter their
login details. In a survey conducted in mid-2020, 38% of respondents said that one of their
colleagues had been a victim of a phishing attack in the past year.
Although
phishing attacks did not change fundamentally in 2020, the actors adapted their
strategies over the course of the year and adjusted their keywords to new areas
of interest in the population. At the beginning of the year, attackers
preferred to use catchwords such as “pandemic” and “COVID”. As the public
discussion moved in the direction of possible solutions for overcoming the
crisis, attackers switched their vocabulary to emotionally charged terms such
as “vaccinations” and “aid money”.
Unfortunately,
there is no one-size-fits-all solution that guarantees you can ward off
malicious emails. However, with the help of a combination of coordinated
systems and trained staff, you can reduce the threat of phishing emails:
- Run
the technical security controls on your email platforms.
- Mark
e-mails sent by non-company senders as "external" with a banner.
- Use
analysis tools for emails that detect the content of untrustworthy senders
as well as newly created, only temporarily used email accounts and
domains.
- Implement
a comprehensive security awareness program for your employees so that they can recognize phishing attacks that could not be blocked beforehand.
- You
can also simulate phishing attacks in the company so that your employees know what to do with suspicious emails.
Protect your data from a phishing email, we are introducing you Protegent Free Antivirus Software
What Is Your Cybersecurity Risk Score?
It
is important to understand the maturity of your cybersecurity program in order
to make informed decisions about how to counter attackers and the tactics,
techniques, and procedures involved. With this self-assessment
of your cybersecurity risk, you are taking the
first step in the right direction. After answering these simple questions
about your cybersecurity technology, your processes, and your people, you will
receive a cybersecurity risk assessment based on our benchmark. This will
help you discover common security vulnerabilities in your environment that you
may not have been aware of.

No comments:
Post a Comment