Michael Montagliano, ProArch's CTO, shares his views and predictions on the top cybersecurity threats facing businesses in 2021 amidst the COVID-19 pandemic in the Rochester Business Journal.
This article appeared in the December 18, 2020 issue of the Rochester Business Journal.
I'm confident in saying, and I'm sure everyone will agree with me, that the sooner we can put 2020 in the rearview mirror, the better! While we've faced the challenges of the pandemic, the economy and the election, cybersecurity threats have also added to our angst.
With 2021 squarely in our headlights, here’s a quick review of the security issues we’ve faced this year and the challenges that need to be addressed in the coming year.
In April, I wrote an article about security at the beginning of the pandemic, including statistics about the rise of targeted phishing campaigns associated with COVID-19. Nine months later, that trend has not diminished. In fact, the threat has only grown more complex with the rise of COVID-19 themed attacks.
Phishing attacks are still the primary method hackers use to bypass corporate security safeguards. They're a low-cost, high-impact and low-risk method: simply ask a user to click on a link or enter credentials, and the attacker gains a toehold on the network from which they can then expand.
In the past, I'd say awareness training was the best line of defense. But while that is still critical, we must also be honest about training effectiveness and opt for better identity monitoring and detection tools.
A ransomware attack occurs every 21 seconds somewhere in the world. In 2020, attacks have been targeted at industries critical to COVID-19 relief and support, such as health care, manufacturing and supply chain. In other words, companies that are more willing to pay a ransom because downtime could affect lives, not just bottom lines. A recent conversation with the FBI revealed ransoms averaging over $1 million and as high as $40 million.
A company’s best defense is reliable backups protected from malicious encryption. This allows companies to quickly restore systems and return to production.
A new ransomware element was introduced this year. Recent extortion success has been driven primarily by the addition of a data exfiltration step that copies data out of the network before encrypting systems. Attackers then demand payment to provide a decryption key and, supposedly, to prevent the publication of the confidential data stolen during the attack. I say supposedly because security researchers report that paying the ransom doesn't always mean the threat actors delete that data. Many victims have been double-extorted or have had data published after paying up.
The pressure to submit to extortion, targeting of vulnerable industries and methods that make it more challenging to recover encrypted data will keep ransomware the most profitable "line of business" for cybercriminals in 2021 — and the single biggest threat for all organizations. That makes it critical for organizations to ensure they follow best practices for mitigating ransomware risk in the coming year.
Back in March, the pandemic forced companies to move to a remote workforce model, which included, in some cases, moving on-premises workloads to the cloud. The rush to regain productivity has left holes in many organizations’ security postures, which hackers are now leveraging.
Cybercriminals always follow users and launch attacks that exploit their behaviors and habits. As employees suddenly became remote workers, cybercriminals took advantage by launching phishing, ransomware and many other targeted attacks. Many companies were not prepared to securely support a remote workforce.
Before the pandemic, numerous companies (82%) enabled bring your own device (BYOD) for employees, partners or other stakeholders. Because BYOD devices are outside of corporate support in most cases, basic malware protection tools were either inadequate or absent. A lack of preparedness for how to provide BYOD security support is potentially disastrous.
Failure to understand how to support remote work without exposing sensitive information has led to nearly 25% of organizations paying unexpected costs to address cybersecurity breaches and malware infections. If organizations don't rethink their security approaches, cybercrime will continue to advance, with the exploitation of remote workers serving as the ideal entry point into corporate IT networks.
In 2021, there will be a significant increase in cyber espionage campaigns carried out by state-sponsored hackers due to the ongoing pandemic and escalating tensions between nation-states.
State-sponsored attackers strive to gather intelligence on strategic intellectual property, giving their governments a technological and economic advantage in the post-COVID-19 world.
Disinformation attacks have had severe consequences on our nation's confidence level on numerous fronts. Targeted attacks on critical infrastructure and attempts to steal defense contractors’ regulated data place the country at risk. New regulatory and audit functions are being rolled out to increase contractors’ ability to protect data. Those programs are still ramping up in 2021 and will take some time to be fully implemented.
The end of the pandemic is in sight, with vaccine delivery underway, and the economy will recover. Still, cybersecurity threats will continue, and it is our job to be ever vigilant in protecting our assets and information. 2020 placed us in the middle of a perfect storm. For cybersecurity, a multi-layered approach and the involvement of private and government stakeholders is necessary to prevent cyberattacks from having even more dramatic consequences next year.
2021 can’t get here fast enough! Happy New Year!
As chief technology officer at ProArch, Michael Montagliano leads the technology strategy and execution for the firm he joined nearly 10 years ago. He is also a “Certified Ethical Hacker.” Montagliano’s love for music inspires him to bring creativity to the world of IT every day.