2020 will go down in the annals of corporate history as a game-changing year. Even now, as we slowly begin to emerge from a pandemic that forced entire countries into lockdown, our collective economic futures are still shrouded in uncertainty. Those businesses that have managed to weather the turbulence have had to undergo significant change, with some industries reportedly cramming a decade’s worth of digital development into the space of 90 days in something McKinsey calls The Quickening.
By Jon Lucas, Co-director of Hyve Managed Hosting
However, with rapid change comes vulnerability, and where there is security there is often complacency. Whenever the status quo is threatened, those that have found relative stability are often the first to fall as bad actors seek to take advantage of the turmoil. The past year’s global migration to the cloud due to the pandemic is just the latest in a series of black swan events that cybercriminals will be seeking to capitalize on, but this time many businesses have been caught well and truly on the back foot. In this article, we’ll take a look at the top five cybersecurity risks and trends to look out for as we navigate the choppy waters of 2021.
State of play
Since the pandemic and the virtual wholesale migration to remote working, nearly 70% of business leaders have become acutely aware that their cyber vulnerability is increasing. In the U.S., the FBI has reported a 300% increase in the number of cyberattacks since early 2020, and recent data published by Google showed a staggering 18 million daily phishing attempts at the start of the pandemic. A report by Verizon reveals that the number one motivation for cybercrime in 2021 is financial gain and exploitation, which effectively puts any business at risk regardless of sector or industry.
These figures are alarming, but they’re not necessarily news. Cybercrime has been steadily rising for years, both in frequency and sophistication. But there’s something about 2020/21 that should make us sit up and pay attention. The landscape has changed. Businesses are now at more of a disadvantage than they were prior to the pandemic, with many having completely changed their working culture and technology architectures. So what has changed? And what should businesses be especially mindful of?
1. The target on the backs of businesses is now much bigger
One of the biggest dividing lines between pre-pandemic and post-pandemic is the ‘surface area’ cyberattackers now have to work with. Many businesses that were previously based on-premises in an office, working on a private network, are now suddenly adapting to a hybrid environment where half their workforce might be working at home at any given time. While VPNs and virtual desktops will prove invaluable, there’s no doubt that a distributed workforce hopping from device to device – and often throwing their own personal devices into the mix – will be a huge security headache in 2021.
2. Our digital footprint is about to explode
By 2025, more than 200 zettabytes of data will be stored on the cloud. Digitalization has always been on the cards, but the pandemic has accelerated this process at an unnatural rate. Businesses that worked hard to adapt quickly following the pandemic will have been tempted to cut corners and perhaps leave themselves more vulnerable than if they had taken a gradual, phased approach. With so much data moving online so suddenly, and security infrastructure playing catch-up, we’re likely to see cybercrime increase in volume in the years following the pandemic.
3. Expect to see a lot of ransomware headlines
Ransomware might be more than two decades old, but it’s now the weapon of choice for attackers that want to exploit businesses for financial gain. Some estimate that there are now more than 120 ‘families’ of ransomware, and hackers are employing increasingly sophisticated methods when it comes to hiding malicious code. So-called ‘double extortion’ ransomware cost businesses $8 billion in 2019, $20 billion in 2020, and we’re likely to see that trend continue throughout 2021 and beyond.
4. Critical Infrastructure (CI) will be highly targeted
The World Economic Forum published a paper that revealed attacks on critical infrastructure (CI) have become the “new normal” across the energy, health care, and transportation sectors. Most critical infrastructure is particularly vulnerable because of the sheer surface area attackers have to work with, with no shortage of network endpoints to exploit. The now infamous SolarWinds breach in 2020 is the biggest warning sign yet of CI becoming a new target for cybercriminals.
5. Old fashioned brute force attacks are back with a vengeance
The latter half of 2020 saw a 12% uptick in the number of DDoS (distributed denial of service) attacks against corporations. Using botnet swarms, attackers aim to overwhelm networks with IP requests and slow response times – in some cases completely sidelining entire services. Expect to see DDoS attacks brute force their way back into the conversation in 2021 and beyond.
The much anticipated “new normal” might still be a way off, but one thing is for certain – cybersecurity is going to be a huge part of the conversation moving forward.
About the Author
Jon Lucas, along with his business partner Jake Madders, founded Hyve Managed Hosting in 2001. Since then, in his role as Director, Jon has facilitated the growth of Hyve from a small start-up to a hugely successful managed cloud hosting company with a global customer base. With a background in software development, Jon has spent time at Crédit Agricole, Goldman Sachs, JPMorgan Chase, and M&C Saatchi throughout his career.
Views expressed in this article are personal. The facts, opinions, and language in the article do not reflect the views of CISO MAG and CISO MAG does not assume any responsibility or liability for the same.