2020 will go down in history as a transformative year for many businesses and the social-economic landscape as a whole. The COVID-19 outbreak brought global trade to a standstill and radically reshaped the way we live and work. Most notably, many companies switched to a remote working structure following the pandemic restrictions. This move led to an increasingly hyperconnected online workspace and a sharp spike in enterprise cloud adoption.
Sophisticated threat actors capitalized on the chaos created by the crisis and the mass migration to virtual workplace to perpetrate their heinous crimes. Security firms and authorities reported an astonishing 800 percent surge in cybercrime in just the first five months of the pandemic.
Most significant data breaches in 2020
According to a 2020 data breach report, the number of reported data breach incidents in Q1 2020 decreased by 58 percent compared to Q1 2019. This decrease was due to disruptions in the breach reporting mechanisms; plus, 2019 was also exceptionally active in cybercrime. But even so, the number of exposed records surged by 273 percent between Q1 2019 and Q1 2020.
2020 was undoubtedly a busy year for cybercriminals. Here is a list of a few memorable data breaches that made headlines last year:
- SolarWinds compromised update: SolarWinds unwittingly sent out a compromised software update to its clients. Up to 18,000 customers, including US government agencies, installed the flawed update, exposing them to stealthy data theft attacks. The attack was first reported in December 2020 but had probably been active since March.
- Twitter spear-phishing attack: A 17-year-old hacker from Florida, US, compromised over 100 high-profile Twitter accounts, including those of former US President Obama, Apple, Elon Musk, and Kanye West, to run a bitcoin scam on unsuspecting Twitter users.
- Garmin ransomware attack: In July, Garmin paid millions of dollars to an alleged Russian-based crime syndicate following a successful ransomware attack.
- Zoom credentials theft: In April 2020, over 500,000 Zoom passwords went on sale on the dark web. The platform later came under scrutiny after continuous waves of attacks.
- Easy Jet data breach: In early 2020, the UK-based airline reported that a highly sophisticated hacker had stolen over 9 million customer records comprising contact information and payment card details.
Cybersecurity trends 2021
But enough about 2020; let’s look ahead to 2021 and beyond. What should we expect in terms of emerging threats and cybersecurity trends? The truth is, we’re not totally out of the woods yet with the whole health crisis, and events of the previous year still haunt the cybersecurity landscape. But the digital security world is highly dynamic and constantly evolving. Watch out for these cybersecurity trends and emerging cybersecurity threats in 2021:
Remote and cloud attacks are in full swing
External cloud-based attacks rose by 630 percent between January and April 2020. This spike unsurprisingly correlates with the mass exodus to cloud-based remote working platforms. Remote workers and remote working services are prime targets for cyberattacks. In a recent survey, 20 percent of the respondents said they experienced a security breach at the expense of remote workers.
Telecommuting is here to stay. So, we should expect to see an increasing number of cloud and remote attacks throughout the year.
Vulnerable 5G-powered IoT networks
5G is slowly rolling out across the globe. The new high-speed wireless network is quickly revolutionizing automation by powering IoT networks – the building blocks that make smart homes, industries, workplaces, and cities a reality. 5G is still relatively new in terms of security maturity, and IoT networks already have their fair share of security loopholes. Security experts warn that coupling 5G and IoT could open new doors for threat actors.
Supply chain attacks are getting a lot of press
A supply chain attack happens when a hacker manages to manipulate the services or software products of a third-party vendor in order to compromise the downstream clients who use them. A good example of this is the SolarWinds attacks, in which companies using the vendor’s malware-infected software were compromised.
Supply chain attacks are unpredictable and may involve a wide range of vectors, including zero-day exploits, APIs, and open-source applications. These types of attacks can be mind-blowingly elaborate, and that’s what makes them so dangerous.
Phishing is becoming more sophisticated
According to the 2021 State of the Phish Report, 57 percent of organizations faced successful phishing attacks in 2020. Phishing is not a new threat; it actually accounts for a large portion of cybercrimes every year. But going into 2021, threat actors have really upped their game by employing ingenious social engineering tactics such as vishing, USB-based attacks, social media attacks, deep fakes, and smishing.
On top of that, employees are now more vulnerable to phishing attacks than ever, especially those working from home.
Malware and ransomware are the cyber weapons of choice
Malware injection is still the easiest way for hackers to gain privileged access to protected data or infect computer systems with malicious code. Millions of malware are detected every day, even in the most unlikely devices, such as smartphones, autonomous vehicles, and smart wearables. Malware and ransomware attacks are also getting more sophisticated. Some of these exploits sometimes involve intelligent malware tools and elaborate multi-stage attacks targeting less obvious hardware and software.
Ransomware crimes really do pay. The average ransom paid by attack victims shot from $115,123 in 2019 to $312,493 in 2020. The highest ransom paid last year went up to $30 million. The financial incentive motivating these attacks is the main reason they are so rampant.
DDoS attacks are rising
Distributed denial of service is another breed of cybersecurity threat that stubbornly persists in 2021. And not only that, DDoS incidents are rising alarmingly fast. Akamai reports that DDoS attacks are getting bigger, too. The researchers pointed out that Q1 2021 registered more volumetric 50+ Gbps attacks than all of 2019.
DDoS attacks are equally as lucrative as ransomware attacks and actually quite similar in potential devastation. And like ransomware attacks, rich payouts are the main motivations behind DDoS attacks. The threat surface for these attacks has also dramatically expanded due to the heavy online traffic between remote corporate networks.
How to safeguard your organization
What can organizations do to avoid falling victims to cyberattacks? Regardless of your business model, here are two crucial things to consider when formulating a cyber defence plan:
Adopt Zero Trust cybersecurity model
As the name suggests, the Zero Trust security approach assumes that all employees, devices, software applications, and third-party services or products cannot be trusted. This model follows three principles: always verify, use least privileged access, and assume breach. Adopting this model improves visibility into the data environment and its external connections, decreases the vulnerability potential, and gives you security control over your supply chain and workflows. Learn more about implementing Zero Trust security architecture here.
Train your employees on cybersecurity
A majority of successful data breaches are caused by human error, particularly employees who fall for social engineering scams or disregard security protocols. Turn your staff from a security weakness to a strength through cybersecurity training and accountability. Educate everyone (both remote and in-house workers) about the potential dangers of cyber threats, the importance of observing cybersecurity guidelines, and each employee’s role in protecting data.
In closing, ensure you stay in touch with all the latest developments in cybersecurity – emerging threats, trends, and solutions. It’s also essential to look inward into the changes your organization is going through and how they might affect its security posture. 2021 is proving to be another record-breaking year for cybersecurity; you better know what to expect.
Feel free to contact Softlanding if you need a hand with your cybersecurity. We are committed to helping businesses utilize digital solutions safely and efficiently.