The year is drawing to an end, and numerous organizations are still reeling from the impacts of various security threats and attacks. For example, up to 1500 businesses have been victims of different ransomware attacks in the US alone. In addition, thousands more have been victims of other forms of attacks, including social engineering state-sponsored attacks. Furthermore, with business owners having to contend with a new working normal, most notably due to the global COVID-19 pandemic, various cybersecurity threats have emerged. Therefore, understanding the most recent security threats and how you can stop them is essential to enhancing your organization's cybersecurity posture.
The 2021 Cybersecurity Landscape
Most cybersecurity and IT teams grapple with limited budgets and an ever-widening skills shortage gap. Nevertheless, malicious cyber actors are unrelenting in the development of more sophisticated malware and attack techniques. For example, security researchers usually discover at least 560,000 new malware strains daily in 2021. The following threat and attack statistics illustrate the cybersecurity landscape in 2021.
Projections show that cybercrime will cost the world more than $6 trillion in 2021, with the figure expected to increase to $10.5 trillion by 2025.
Although new cybersecurity threats emerge daily, 65% of cybersecurity specialists believe that the security teams in most organizations are understaffed. Shortage of cybersecurity talent implies that companies must understand current and emerging threats to protect themselves better using the available resources.
The COVID-19 pandemic has uncomfortably resulted in multiple threats impacting the organizational cybersecurity processes. According to Deloitte, the pandemic has impacted cybersecurity preparedness, including elevated and expanded attack surfaces due to work from home requirements, delayed attack detection and mitigation, increasing gaps in information and physical security, and an influx of attackers.
The human element is the primary cause of data breaches in 2021. A Verizon report established that 85% of all cyber breaches result from human error or ignorance. Also, stolen login credentials and social engineering accounted for 61% and 35% of all cyber incidents.
Latest Cybersecurity Threats to Watch Out For
1. Ransomware as a Service
Ransomware attack victims have made news headlines for the better part of 2021, with the FBI reporting a sharp rise of 300% of ransomware incidents. While ransomware is not a new threat, a new paradigm – ransomware as a service – has contributed to the increase of ransomware attacks worldwide. Ransomware as a service is just as the term implies; a person hires ransomware from malware authors and splits the profits after executing a ransomware attack. Multiple ransomware-as-a-service gangs established themselves in 2020, but a few have been consistent throughout 2021. For instance, some ransomware attacks that have cost millions in 2021 have been executed through ransomware as a service affiliate program. A recent study found that almost two-thirds of all ransomware attacks are executed through ransomware as a service affiliate programs.
2. Deepfake Cybersecurity Threats
With new cybersecurity development, cyber threat actors use more innovative techniques to compromise their targets. One of the most recent methods is using machine learning and artificial intelligence to perpetrate deepfake attacks. Deepfakes comprise specially crafted videos, audios, or images using ML and AI technologies to make them appear as original as the legitimate media. audio or video content information. Various cybersecurity researchers agree that deepfake can become a huge cybersecurity threat to organizations worldwide. Besides, increased reliance on audio or video-based communication in current work from home arrangements may motivate hackers to focus on deepfake-based attacks. The head of the cybersecurity strategy at CyberCube, Darren Thomson, stated that "new and emerging social engineering techniques like deep fake video and audio will fundamentally change the cyber threat landscape and are becoming both technically feasible and economically viable for criminal organizations of all sizes."
3. Remote Working Attacks
Work from home is not a new approach, but it has become synonymous with pandemic containment in 2020 and 2021. In recent research, one in five employees worked from home most of the time before the pandemic, but the number has since risen as now 71% work remotely most or all of the time. Also, more than half prefer work from home arrangements after the pandemic has ended completely. However, hackers have also ramped up attacks targeted at remote workers in 2021. The primary reason is that remote working leaves many organizations exposed to multiple security threats since work from home arrangements hinders the effective use of solutions like endpoint security. An expanded attack surface, use of personal insecure devices, network access via vulnerable Wi-Fi networks, and others are some reasons why remote working is the new frontier of cyberattacks.
4. Cybersecurity Tool Sprawl
Ironically, the root cause of most cybersecurity problems plaguing enterprises today is not the lack of adequate cybersecurity solutions but rather a vast collection of security tools that are challenging to manage. For example, a recent cybersecurity survey found that, on average, enterprise cybersecurity teams use ten to thirty security tools to monitor cloud ecosystems, network infrastructures, devices, and applications. Essentially, most organizations often acquire a new cybersecurity solution to fix a specific security challenge, and with time, the tools may accumulate to unmanageable levels. The trend has been common in 2021 as companies rushed to protect the digital solutions implemented through the accelerated adoption of technologies to enable a remote working environment. The impacts of cybersecurity tool sprawl include weak cyber threat detection, diminished visibility of network users and devices, and inability to respond to detected threats on time.
5. Distributed Insider Threats
Insider threats are a menace to their employer because they have specific knowledge regarding their organizations' networks and data. Although they have existed for a long, a shift to remote working has only distributed them, resulting in various challenges. For example, it is possible to track insider threat activities in an office by determining which employee used which work-issued device to commit cybercrime and at what time. On the other hand, employees use personal devices when working from home, which is much harder to track, control, and monitor.
We can help!
Are you looking for ongoing advisory services to assist in identifying vulnerabilities and security policies that should be in place and help improve your security posture? The team at Inception Security™ has been leveraged to enhance the security posture of fortune 100 companies, small and medium-sized businesses. Our team has a depth of knowledge in the cybersecurity industry and will be able to provide value to your business right away.
Contact Inception Security if your company is looking for advisory services.