Cybersecurity threats have been a hot topic lately, with numerous malware attacks all over the world. But, as P.W. Singer and Allan Friedman’s book Cybersecurity and Cyberwar: What Everyone Needs to Know clearly stated back in 2014, some basic cybersecurity hygiene can prevent many problems. Nothing much has changed since then, yet cyber security salaries in the industry keep growing. And good news for every cybersecurity analyst out there.
On the other hand, the COVID pandemic has changed many things in our daily routines, and approaches to cybersecurity are not an exception. This article will analyze the top cybersecurity threats 2021 has posed because it seems we’ll still have to prepare for those in 2022.
Most employees have no understanding of cybersecurity guidelines
Despite clear guidelines established in the NIST cybersecurity framework, most average employees have little understanding of the dangers behind new cybersecurity threats and the main signs that could indicate them. We all know that: someone shares a link to a funny video or anything work-related like the latest industry trends or an update on Firefly launch, and most users will click on it without thinking. There goes your corporate cybersecurity.
The switch to remote work has made matters even worse because many companies were not (and still aren’t) prepared for a change that leaves gaps in their cybersecurity protocols. Even now, as the pandemic draws to a close, many companies are not willing to return to their pre-2020 office routine. This, in turn, poses one of the biggest cybersecurity threats for corporate systems that still have weak spots when it comes to:
Cybersecurity threats and vulnerabilities
VPNs and RDPs
Weak, often repetitive passwords set by remote workers expose VPN and RDP vulnerabilities, allowing access to corporate networks and their data. Planting ransomware is another biggest cybersecurity threat that results from weak VPN passwords.
The number of thread hijackings has skyrocketed during the pandemics, along with its success rate. Most hacked threads contain malicious attachments and link to phishing sites. Employee accounts have also become more accessible as remote workers increasingly use alternative communication channels when working from home. Employee reliance on collaboration platforms such as Zoom and Slack only makes things more harmful because most of them assume that only legitimate users can access those channels. And that is precisely where most phishing attacks took place in 2020-2021.
Vulnerable and compromised hardware is one of the top cybersecurity threats examples for remote work. Unlike office computers that are regularly maintained and updated (or at least should be), home laptops often lack the necessary cybersecurity patches. The spread of bringing your own device (BYOD) practices creates a similar problem. On the one hand, people are more productive when they work on a device they’re used to, but on the other one, this device could become that cybersecurity ‘bat’ that locked us all at homes last year.
Using mobile phones to store corporate files is another pressing problem, especially if we consider that mobile cybersecurity keeps lagging behind cyber threats. And not just mobile security.
The spread of cloud services outpaces cybersecurity advances
Failure to implement proper cloud security is another typical example of cyber security threats in 2021. In fact, experts estimate it to stay a significant problem until 2025, and most cybersecurity incidents will traditionally be the user’s fault. Right now, around three-quarters of businesses are struggling to ensure effective cloud cybersecurity, and it’s unlikely that we’ll see a rapid drop in these numbers in 2022.
Threats of double-extortion ransomware keep growing
Ransomware as a Service (RaaS) keeps providing malware to less savvy players who cannot create their own malware. In 2020, it will cost businesses worldwide a whopping $20 billion, which is 75% more in comparison to the last year. Besides, when users are supposed to pay out their encrypted files back, traditional extortion is gradually replaced by double-extortion. Now, failure to pay a ransom may result in a public data leak or these data being sold to the highest bidder.
Automated large-scale zero-day attacks are increasing, too
Another problem with cybersecurity these days is that most organizations simply lack the tools and resources to handle large-scale automated attacks. Cybersecurity attackers and defenders keep playing their game of cat and mouse, but the game keeps escalating, and its stakes are ever-higher. Today, we clearly see that cyber attackers have become more organized while advanced hacking tools keep popping up online. Besides, most corporate organizations rely on past-generation cybersecurity protocols that are useless against automated large-scale multivector attacks.
Zero-day cybersecurity attacks are another pressing concern. Most businesses take over three months to apply a patch once a cybersecurity vulnerability is discovered, but it takes advanced cybercriminals about a week to find this vulnerability. In 2021, zero-day attacks were growing steadily, just like the number of publicly-reported vulnerabilities. Currently, this number already exceeds 20,000 a year.
Added Bonus: Healthcare cybersecurity keeps suffering
As cybersecurity news goes, the number of cyberattacks on hospitals compared to the pre-pandemic times doubled by late 2020, and a similar situation has been clearly traceable in 2021. It is not entirely clear if mass vaccination will reduce the strain on medical professionals, offering them a chance to increase their cybersecurity (that was never too advanced in the first place). However, this trend may well continue in 2022, so cybersecurity professionals may want to send their resumes to a couple of hospitals, too.
How to monitor cybersecurity threats in real-time?
With these cybersecurity threats in mind, it looks clear that the human factor will remain our most significant concern in the nearest future. And it is evident that cybersecurity specialists should get ready to take a closer look at the most common cybersecurity threats described above and start using modern tools like ANY.RUN sandbox to analyze these dangers.
Moreover, Malware Trends Tracker allows the observation of malware threats and their popularity in real-time. All data is based on the user’s uploads which can definitely help shape the view on the up-to-date malware trends and improve any company’s defense.
On a corporate rather than technical level, introducing cybersecurity programs for employees seems an obvious step. So far, however, this approach was not very effective, to say the least. And it’s up to you to change it.