In this blog, I'll dive into cybersecurity trends that present a significant potential risk and offer some practical advice to help you reduce the overall risk.
Year to year, as existing cybersecurity threats continue to require attention, new threats are added to the mix. According to data from IBM Security X-Force, one in four attacks remediated as of September 2020 were linked to good old ransomware. Working from home offered another approach vector for threat actors, and new information security threats emerged. From privileged credential compromise to the use of mixed personal and professional networks, attackers wasted no time grabbing the lowest-hanging fruit.
Meanwhile, IT teams worked hard to defend potential weak points and cut down on emerging risks by improving identity and access management (IAM), enhancing data encryption, and switching to managed services.
While WFH isn't a new threat, it's only a matter of time before attackers compromise multiple insecure home networks at the same time to manufacture a massive-scale breach of critical systems and services. With many staff using home broadband connections for both personal use and their jobs, the corporate attack surface has increased significantly. Many people were under the impression that remote working would be a temporary phenomenon. But COVID-19 has prolonged the need for increased from-home working and decentralized workforces. As a result, the number of connected devices and BYODs has increased.
This comes with a plethora of additional cybersecurity risks. Attack surfaces have become bigger, while the measures to implement and control security and data policies (end-point security, proper access control policies) are often below par in a remote environment. This increases the risk of costly and potentially reputation-shattering data breaches. Researchers from Bitdefender paint a bleak picture: "As more and more people adhere to the work-from-home schedule imposed by the coronavirus pandemic, employees will take cybersecurity shortcuts for convenience. Insufficiently secured personal devices and home routers, along with the transfer of sensitive information over unsecured or unsanctioned channels (such as instant messaging apps, personal email addresses and cloud-based document processors), will play a key role in data breaches and leaks."
What can we do? Make serious work of real-time threat detection and endpoint security, and draw up solid governance and access control policies that include security measures like multi-factor authentication (MFA) and the labeling of documents and data (classified, sensitive, or available to every employee) based on the importance and sensitivity of the information they contain.
Fileless malware and ransomware attacks will continue to plague us. These threats are designed to bypass familiar detection controls and infiltrate key systems by "living off the land" – using approved platforms or software tools that already exist within corporate networks. This approach allows attackers to get around common detection methods that scan for malicious file attachments or catalog the creation of new files. What's more, the use of existing system tools means malicious actors don't have to design their own attack framework. That decreases the time required for malware development. Attackers are likely to use fileless malware to compromise service providers rather than specific groups. Afterward, they can use their existing infrastructure to attack downstream clients.
As with many of the other cybersecurity trends listed here, vigilance is key. Enterprises can defend against fileless threats with good cybersecurity hygiene. This focuses on getting software and systems up to date, ensuring security tools are working as intended, and deploying effective access controls – such as MFA – to reduce potential risk.
Ransomware attacks remain on the rise. In fact, Cybersecurity Ventures expects that a large to medium-sized business will fall victim to a ransomware attack every 11 seconds – a potentially costly affair, since the total costs of ransomware attacks are expected to exceed the dazzling number of $20 billion worldwide. Cybersecurity experts also predict that the impact and intensity of ransomware attacks will increase. We have seen an increase in cybercrime targeting the "opportunity" created by COVID-19. Ransomware attacks are also targeting remote workers who are accessing corporate systems. Setting up fraudulent charities, fraudulent loans, and extortion – along with an increase in traditional phishing and malware – are all on the increase. The changing threat landscape requires risk management and security practitioners to pay close attention to how exposures change over the coming months and the circumstances that influence the level of protection.
Even as attackers develop new types of threats, old ones such as ransomware, Trojans, and botnets are still around. To face these familiar threats head-on – and emerge relatively unscathed – enterprises must ensure staff have the tools and training they need to spot these attacks ASAP. This starts with training around common compromise vectors like malicious email attachments and links. It also includes ongoing efforts that help monitor email accounts, remind staff of security standards, and notify them automatically if potential threats are detected.
The insider threat is one of the greatest drivers of security risks that institutions face, as a malicious insider utilizes credentials to gain access to a given institution's critical assets. Many institutions are challenged to detect internal nefarious acts, often due to limited access controls and the inability to detect unusual activity once someone is already inside their network. The threat from malicious insider activity is an increasing concern, especially for financial institutions, and will continue to be.
The next generation of employees will enter the workplace, introducing new information security concerns to institutions. Their attitudes toward sharing information can fall short of the requirements for good information security. Reckless attitudes to sharing information online could easily set new norms for security and privacy, undermining awareness activities. Attackers will then use sophisticated social engineering techniques to manipulate individuals into giving up their employer's critical information assets.
Edge computing will be an attractive architectural choice for institutions; however, it will also become a key target for attackers. It will create numerous points of failure and lose many benefits of traditional security solutions. Institutions will lack the visibility, security, and analysis capabilities associated with public cloud service providers. Attackers can then exploit blind spots, targeting devices on the periphery of the network environment, causing significant downtime.
The biggest news story lately is COVID-19, and people continue to search for vaccination information. As a result, institutions must be prepared for an uptick in related phishing campaigns. These are very dangerous because they interest readers right away. Attacks taking advantage of this have already been detected. The United Kingdom's National Health Service recently sent out warnings about fake vaccination appointment emails. IBM X-Force identified a supply-side attack looking to compromise the vaccine cold chain.
The reason for this uptick is simple: phishing scams work. They're even more worrisome during WFH. Workers at home are getting a ton of emails even as pandemic pressures put increasing stress on their personal and work lives. The result isn't surprising: people fall for phishing. Combating this common compromise starts with improved identity management. By ensuring only the right people have the right access to the right resources at the right time, institutions can lower the risk of getting hooked. It's also critical to create a culture of second opinions around safety. If staff see something that looks suspicious, they need to say something – and need to be supported in this effort. Bottom line? When it comes to fighting phishing, slow and steady wins the race.
Protection alone isn't enough to ward off the biggest cybersecurity threats. Detection of cybersecurity threats is equally (and probably even more) important when it comes to dealing with threats that are characterized by heightened levels of sophistication, professionalism, and maliciousness.
The need for advanced detection and network monitoring will probably lead to an acceleration in the use of AI-based and machine learning-powered NG-SIEM (next generation security information and event management) tools, accompanied by human-guided threat hunting. Advanced security orchestration and automation tools allow businesses to collect data about cybersecurity threats in real-time and respond accordingly.
To combat today's trending cybersecurity threats – both emerging compromise vectors and familiar threat frameworks – institutions need a plan of attack that combines next year's tools with tried-and-true best practices. Closely following the latest news and trends in the field of cybersecurity is the best way to stay on top of potential threats in cyberspace. It will equip you with the knowledge that you need to battle them effectively. But it is important to realize that traditional protection measures often don't go far enough, as attackers continually use new methods to exploit vulnerabilities and bypass detection. Today's consumers expect their assets and information to be available and secure 24/7. They trust your institution to protect and secure their finances against cyberthreats. It's imperative that your institution continues to invest in technology and people to meet this need. The cyberthreats are real, and you need to attack them head-on.
Learn more about our information security and technology solutions.
Who We Serve
What We Offer