“The Next 9/11 Will be a Cyberattack, Security Expert Warns” ~ CNBC
“Experts Say the ‘New Normal’ in 2025 Will Be Far More Tech-Driven, Presenting More Big Challenges” ~ Pew Research Center
“Cybercrime to Scale New Heights in 2021: What Can You do About it?” ~ InfoSecurity Group
Headlines like these are great sources of information for cybersecurity professionals, but they’re enough to put the rest of us on edge. With more than half a million new pieces of malware released daily, are such announcements merely fear-mongering that are meant to increase readership or reality-based warnings that all of us need to heed?
Latest cybersecurity Stats for 2021
Last year alone, there were nearly 4,000 confirmed data breaches that affected dozens of companies and millions of individuals. Even paragons of technology like Microsoft left more than 280 million customer records exposed to hacking and exploits.
These are the types of attacks that all of us face exposure to on a daily basis. But what made 2020 different – and left us all a little more shaken and vulnerable – was the rise in remote work and eLearning, telemedicine, and online shopping/delivery/banking services.
That’s in addition to the release of multiple stimuli and PPP payments, general misinformation and distrust, and the resulting scams that were created or reinvented in response by opportunists.
The nature of the current threat vectors
While you can be assured that ‘traditional’ threats like ransomware, malware, brute force attacks, and phishing/spear phishing scams are still around, new threats are emerging due to the realities of remote work, IoT, EHR, and countless COVID-related scams popping up in their thousands.
So, how is the “new normal” impacting our cybersecurity and privacy?
Rising vulnerabilities putting customer financial information at risk
From inside threats due to advanced social engineering techniques to vulnerabilities brought on by telehealth systems, the threat of data breaches, leaks, and outright theft will continue to plague business owners, developers, and individuals on a scale that we’ve never experienced before.
To help avoid this, online businesses are being forced to rely on accounting or invoicing tools that are armed with an array of security features such as PCI-DSS certified encryption to keep sensitive customer financial information safe and secure. Tools such as these can offer companies much convenience since they can centralize customer data so it is both secured and easily accessible.
“Fileless” frameworks add a new twist to ransomware attacks
This is a classic case of putting a new spin on an old exploit. While ransomware attacks were on a downward trajectory, the tech and nature of the attacks have made them more difficult to detect and prevent.
The new attacks involve ‘fileless frameworks’ that were created to bypass traditional cybersecurity measures like anti-malware/antivirus scans. This allows hackers to use tools and platforms that are already approved as ‘safe’. This results in faster attacks that traditional measures can’t detect or intercept until long after the damage is done.
Remote work increases the attack surface
Remote work and distance learning are not new, but due to the global pandemic, they have become more widespread. Companies and schools were forced to close down or transition to a virtual environment to contain the virus, and many of these changes may become permanent.
Businesses, with a little help from PPP, have generally done a great job of making sure that their workforce has the tech they need to conduct business from afar. However, the increased interconnectivity increases the likelihood of data breaches emerging on a large scale infecting entire remote corporate networks rather than individual systems and devices.
So many mobile apps – so much more crime
These days, there’s an app for everything. This means booming business for app developers and rising security concerns for the rest of us. In addition to viruses, trojans, data mining, and resource theft, financial scams promising COVID-19 stimulus and relief are on the rise and targeting vulnerable users.
Timeless cybersecurity best practices
When it comes to cybersecurity, prevention is best. However, nothing is totally foolproof. This leaves adhering to current best practices for detection and mitigation to contain the attack and limit the amount of damage.
Cyberattacks tend to recycle. Although new technologies are deployed or tweaked to reinvent old exploits like brute force attacks, phishing scams, and other old hacker favorites, we at least have a baseline to implement damage control:
Expand testing: In addition to traditional pen testing, develop with security baked into the design. Cloud-based storage and hybrid systems must also be thoroughly checked at all access points.
Beware of blind spots: The rise of third-party developers and proliferation of mobile app development/use means that cybersecurity experts are contending with blind spots in organizational architecture. Be cognizant of the need for careful integration when installing or upgrading systems.
Protect systems with bullet-proof strategies: An increase in online shopping, investments, and banking means implementing security solutions to protect data and reduce the risk of breaches, scams, and attacks with high-level encryption. Tools such as VPNs can encrypt data and keep it from being seen by hackers. Sydney-based cybersecurity expert Will Ellis from Privacy Australia argues that VPNs are a necessary cybersecurity tool in today’s world if you are serious about encrypting your data.
“A VPN provides a much higher level of privacy and anonymity than available through your ISP,” says Ellis. “Thanks to the encryption protocol, data in transit (such as credit card or Social Security numbers) are unreadable to anyone who manages to hack the system and take a look. Think of a VPN connection as a safe tunnel through which all the information associated with an online session can travel, hidden safely from the outside world.”
Non-techies need to develop and follow better cybersecurity practices and protocols as well. Business owners should ensure that all employees are using the same apps, platforms, and devices to conduct business. They should also make sure that employees are trained and understand basic preventative measures regarding access control and separation of work/personal networks and devices.
Ensure that they keep all systems, apps, and platforms updated, and never open unsolicited emails or links. Conduct security audits at regular intervals, and make sure to heed the advice of security experts regarding the results.
Often, it seems that cybersecurity is an endless loop of ‘threat – mitigation – threat’ that never ends. While we can never have a world that is free of cybercrime completely – we need to take care of our cybersecurity strategies with diligence, foresight, and talent can decrease the risk of becoming a victim of a cyberattack and better protect our assets, both data-based and financial.
There is never a 100% guarantee success rate, but adhering to effective cybersecurity practices and instilling cybersecurity education will actually go a long way toward managing risk and limiting exposure.