Technology

Cyber security is an ever-evolving field. As new technologies are developed, naturally, businesses are having to discuss ways to keep their data secure and minimise their susceptibility to cyber attacks. Equally, the COVID-19 pandemic has introduced new scenarios for many organisations, with many employers granting employees more flexibility over their working hours and location.

Are you seeking clarification on the latest threats? Interested to know how companies are adapting their security measures to cater to their new operational approaches? We have analysed the emerging threats and latest computer security trends facing businesses in 2021.

1. Remote work and cyber security: new threats and solutions

Working remotely to comply with the government’s Coronavirus restrictions has caused major implications, introducing new threats in cyber security.

To enable employees to work remotely and prevent as much disruption as possible, many organisations had to quickly introduce new equipment, products and services into their infrastructures. As a result of rushing this process and in some cases, eliminating certain security protocols, many companies have put themselves at a significantly higher risk of malicious attacks.

2. The introduction of COVID-19 vaccination phishing schemes

As the vaccination programme continues, cybercriminals are continually searching for vaccination information. Consequently, threats to vaccines distributors and pharmaceutical companies have increased.

There has also been a significant increase in phishing attacks associated with the Coronavirus vaccine, with users receiving ‘vaccination appointment’ emails and similar communications from hackers acting as reputable organisations.

3. Increased demand for cyber security specialists

Where cyber security has become increasingly more critical, it has become even more challenging for companies to find experienced and qualified cyber security practitioners.

Even before COVID-19, finding cyber security industry professionals was a challenge. In their 2017 Security Predictions Report, Symantec identified that a shortage of qualified experts could disrupt the cyber security landscape.

Consequently, many businesses are seeking help from external experts, like CyberCrowd.

3. Third party risk and supply management is becoming more popular

As previously highlighted, due to a shortage of cyber security professionals and the increasing complexities associated with data protection and network security, third-party risk and supply management has increased in popularity.

With third-party providers having specialists in different areas, such as penetration testing, GDPR and security operations management, organisations can get the exact assistance that they require from those who are appropriately qualified.

4. Social engineering attacks are becoming increasingly smarter

Social engineers are coming up with more creative and sophisticated ways to gain unauthorised access to data and are taking advantage of remote working to target vulnerable individuals and connect to their organisation’s networks.

As well as utilising traditional phishing techniques, there has been a notable increase in whaling and smishing attacks.

Whaling attacks are where a cybercriminal impersonates a senior individual within an organisation to obtain private information, such as bank account details.

Smishing (also known as an SMS phishing attack) is when a hacker sends an SMS message that looks like it’s from a known contact but in reality, this attack intends to steal sensitive data or money.

5. Internal threats are on the rise

The remote working model is also increasing insider threat concerns for many businesses.

In August 2019, the Software Engineering Institute at Carnegie Mellon University issued a report revealing that trusted business partners are responsible for 15% to 25% of internal incidents. With this percentage in mind, companies must make sure that they put all possible processes and tools in place to minimise internal network security threats.

6. More discipline around data protection and privacy

As a result of flexible working arrangements and the ongoing growth of high-profile cyber breaches exposing millions of users PII (personally identifiable information), data protection is being taken much more seriously, with more and more companies consulting experts in data security, privacy and management to ensure that their employees are well informed, their data is secure and that they, as an organisation, are complying with local data protection laws.

7. Companies are strengthening their cloud services

In alignment with the increase in remote and flexible working due to COVID-19, many companies are investing in scalable, cost-efficient cloud security solutions.

In the case of businesses that already have cloud-based services, there is more focus on the identification of misconfiguration and vulnerabilities to ensure that the infrastructure is as secure as possible.

According to IBM, misconfigured cloud settings were one of the main causes for data breaches in 2020, resulting in an average total cost of $4.41 million (£3.18 million) for affected companies. Migrations increased breach costs by $26,469 (£19,107) due to the correct security measures not being in place to prevent malicious activity.

8. Increased prominence of mobile cyber security

The flexibility of being able to work in any location has brought mobile cyber security to the forefront of the minds of businesses.

With employees constantly switching between devices, private and public wifi networks, an organisation’s vulnerability to malicious attacks grows immensely. Equally, newer internet technologies, such as 5G, are still being refined and therefore, create an additional security concern.

From the hacking of wearable tech to installing mobile malware and spyware, there are endless ways that hackers can penetrate our devices and cause harm and disruptions to the lives of individuals and corporations.

9. Movement from VPNs to ZTNA

For better defence against ransomware attacks, some organisations have stopped using Virtual Private Networks (VPNs) to enable access to their networks and have opted for Zero Trust Network Access (ZTNA).

Zero Trust Network Access (ZTNA) authenticates devices before they are granted network access, allowing any suspicious devices to be blocked by default. By comparison, Virtual Private Networks (VPNs) can only be disabled to prevent access from an unauthorised device.

10. Multi-factor authentication is being more widely used

To maximise resistance against data breaches, organisations have started to and will continue to implement multi-factor authentication (MFA) in addition to following password best practices.

Multi-factor authentication is when users are required to use two or more different elements to confirm their identity and authorise account access. Typical MFA methods include using an authenticator app, push notifications to a device and one-time passcodes sent via SMS.

11. The rise of AI & machine learning to better detect security threats and facilitate autonomy

As we continue to move through 2021, artificial intelligence and machine learning will pave the way for improved threat detection; helping to replace human intervention so that cyber security breaches can be quickly discovered and resolved.

According to IBM’s 2020 Cost of a Data Breach Report, organisations with fully deployed incident response and security automation solutions saved $3.58 million (£2.58 million) when experiencing data breaches.

However, whilst these advanced technologies help enhance system security for businesses, it does also present an opportunity to cybercriminals who can use AI for attack automation.

At CyberCrowd, we have a team of experts who specialise in a range of different areas of cyber security to meet our client’s requirements.

If your business is struggling to identify areas of vulnerability or you need a specific expert to help with a security project, you can contact the CyberCrowd team who’ll be able to recommend the best approach for your business.