Cyber security expert Jonathan Wood, CEO of C2 Cyber, a vendor risk management solutions provider, gives his top five cybersecurity predictions on what organisations can expect in our post-lockdown world.
There’s no doubt it’s been a turbulent few years. With cybersecurity attacks rising 20% last year and ransomware attacks increasing 485% globally in 2020 compared to 2019, the threat landscape is intensifying as hackers become more sophisticated, aggressive and cunning.
Now we’re out of lockdown, many businesses have finalised their transition plans to a hybrid working model. However, IT teams are faced with an even greater level of complexity: securing their network, ensuring home working setups are fit for purpose and managing potential risk among suppliers, all while hackers sharpen their skills and plan their next attack.
To help organisations navigate this high-risk landscape, here are my top five predictions on what organisations can expect for the rest of 2021, including the risks to watch out for and guidance on how they can be prepared.
1. Malware will get smarter and hackers will accelerate their attacks on organisations via home networks
As organisations embrace a hybrid model of working, cybersecurity risks will continue to rise as hackers exploit under-protected home networks as an avenue to access valuable corporate endpoint devices. For the rest of the year, we expect to see an increasing spread of malware that not only infects networks but also looks for signs that an infected device is for corporate use, e.g. evidence of VPN usage. By deliberately seeking out and infecting company-owned laptops and smart devices on our home networks, attackers could compromise more and more corporate networks by using these devices as an entry point.
Takeaway: Organisations need to tighten up anti-virus/anti-malware protection and ensure employees’ home networks are fit for purpose. Training on securing Wi-Fi, changing default passwords and other straightforward but often neglected precautions is easily delivered!
2. Ransomware attacks will become more sophisticated and rapidly increase
As organisations recover from the lockdown recession, hackers will accelerate their rate of ransomware attacks, targeting a business every 11 seconds by the end of this year. While attack vectors are becoming more sophisticated, with cyber-criminals using machine learning techniques to avoid security defences, one of the biggest security risks is simply cloud misconfigurations, according to 68% of organisations. A misconfiguration is when an environment is set up in a way that doesn’t provide adequate security and gives hackers an easy route into your network.
Takeaway: To strengthen your security and keep hackers out, run security tests such as penetration tests to check that your cloud configurations are all set up correctly. This will close out all easy access points for hackers.
3. Hackers will prioritise exploiting vulnerabilities across the supply chain to attack organisations
The increasing reliance on third-party suppliers, combined with the exponential rise in digitisation across the supply chain, means it has become the route of choice for more and more hackers. 16% of all malicious attacks are now due to vulnerabilities in third-party software. This number will increase over the second half of this year. Last year, the FBI warned banks to be wary of “cybercriminals targeting the vulnerabilities in third-party services” as a way into financial institution data. This now rings true for organisations across all sectors, with hackers increasingly exploiting vulnerabilities across suppliers as a route in.
Takeaway: As organisations have hundreds if not thousands of suppliers who pose varying degrees of risk, you need to get ahead of any attacks by identifying the risk level of each supplier. Then pinpoint the areas that need action among the high-risk category and ask the suppliers to make the required updates. These actions will be critical to safeguard your organisation from attacks.
4. Employees will continue to fall for the same social engineering tactics
Across any organisation, there’s always a small group of employees who have a tendency to click on a phishing email or open a suspicious attachment that will trigger an attack. All it takes is for one employee to do this and an entire network could be infected. In fact, 30% of phishing messages are opened by targeted users, and 12% of those users click on the malicious attachment or link.
Takeaway: There are anti-phishing solutions available to help users distinguish legitimate email traffic from nefarious, but the real protection starts with user awareness. Organisations need to make sure that employees are aware and know what to look out for. Consider training and awareness coaching to reinforce the importance of being wary of suspicious emails to prevent this from happening.
5. 5G rollout in critical infrastructure and manufacturing will increase the threat surface for organisations
As 5G expands to include advanced enterprise, industrial, and IoT use cases, breaches can put critical infrastructure and manufacturing services at greater risk, especially with an increasing need to remotely manage automation in the physical domain. Secure by design and secure by default are crucial techniques that must be applied to devices, as the threat surface grows exponentially.
Takeaway: Always make sure you’ve secured your network and any devices that are connected to it. Run penetration tests to look for vulnerabilities.
For the second half of 2021, anticipation and preparation are two of the most important aspects that organisations need to remember. As the battleground intensifies and hackers up their game, pre-empting their next move could be the difference between a prevented hack and your entire organisation being paralysed, stripped of its critical data and, worse still, going under.
The only way to survive and thrive is to expect the worst and be prepared.
Hackers are smart, but we can be smarter.