Today, a bunch of cybersecurity threats has the security teams on high alert. In perpetuity, sophisticated and frequent attacks involving ransomware, malware attacks, phishing, artificial intelligence (AI) and machine learning (ML), among others, have placed information systems and data belonging to organizations and individuals at constant risk. So what are some of the challenges that individuals and organizations face in cybersecurity?
Adverse Impacts of Security Incidents
At the same time, there are warnings on the increased potential for disruptions. Increasingly, businesses, governments, and individuals are heavily dependent on fragile connectivity that creates the potential for premeditated internet outages. Such incidents can bring any business operation to its knees. Other than that, there is a high risk of ransomware increase as hackers use the attack to hijack the Internet of Things (IoT).
Other than disruption, cyberthreats result in distortion, mainly with the intentional spread of misinformation by automated sources and bots. Distortion compromises trust in the integrity of information. Moreover, rapid advances in intelligent technologies and the conflicting demands posed by privacy regulations affect a company’s control over its information.
If your business faces a cyberattack, you will certainly suffer from economic costs due to theft of intellectual property, corporate and personal information, and the expenses incurred in repairing damaged systems. What’s worse, data breaches result in reputational costs, mainly the loss of consumer trust, loss of current and potential clients to competitors, and negative media coverage. What about the regulatory costs? Your organization could suffer from hefty fines or sanctions from cybercrime, with the dynamic and stringent data protection laws (PCI DSS, CCPA, GDPR, and HIPAA).
A Look into Cybersecurity Challenges for 2021
1. Phishing Gets Sophisticated
Hackers will continue transmitting carefully targeted digital messages to fool people into clicking on links that can install malware or expose sensitive data. Since organizations have become more aware of the risks of phishing emails, they have invested in employee awareness training, ensuring their employees can spot and avoid clicking on suspicious links and attachments. Subsequently, hackers are upping their ante by leveraging advanced technologies like AI and machine learning to craft and quickly distribute convincing fake messages to lure victims. Moreover, a Phishing Activity Trends Report, 4th Quarter 2020, by APWG reveals that criminals use various deception techniques, including domain names that avoid detection, encryption that provides a false sense of security, and deceptive email addresses that spoof trusted organizations and contacts. Currently, phishing remains part of 36 percent of all data breaches, according to a 2021 Data Breach Investigation Report by Verizon.
2. Evolving Ransomware Strategies
CPO Magazine reports that ransomware is “on a trajectory to inflict more economic damage in 2021.” Apart from encrypting sensitive and corporate data, ransomware attacks have evolved towards exfiltrating data, and it’s becoming a big business. Additionally, with the ongoing COVID-19 pandemic, hackers are progressively targeting the healthcare industry currently constrained while navigating the frontlines of a deadly pandemic.
Cyber criminals will continue to shift from single machine targets to lateral movement, allowing attackers to inflict more damage and reap greater rewards as they infiltrate entire businesses rather than a single victim. Undeniably, the ransomware size has risen substantially, with the average payout for those infected by Maze and Ryuk ransomware programs reaching $2.5 million and $1.5.million respectively.
Secondly, there is more extortion even without encryption. For instance, there are extortions involving threat actors who exploit networks, install persistent malware, target backups, exfiltrate data, and threaten to expose the compromise. With the increase in returns, the number of criminal groups putting their foot in the door is rising.
Thirdly, there is a destructive rise of ransomware-as-a-service (RaaS). A growing number of organizations, such as REvil, Darkside, and others, “franchise their ransomware-as-a-service (RaaS) capabilities to attackers,” writes Barbara Kay on Forbes. According to Barbara, the attackers are responsible for penetrating the organizations, while ransomware franchisers provide encryption tools, communications, and ransom collection, among other services. Characteristically, the franchiser offers all these services at a percentage of the ransom collected.
3. Cryptojacking Cybersecurity Challenges
The ballyhooed cryptocurrency movement also affects cybersecurity in different ways. Mainly, cybercriminals are continually hijacking third-party home or work computers to mine for cryptocurrency. This trend is commonly known as cryptojacking. Noticeably, mining cryptocurrency like Bitcoin requires immense amounts of computer processing power. In effect, hackers can make money by secretly piggybacking on victims’ devices, resulting in serious system performance issues and costly downtime as security teams track down and mitigate the issue.
4. State-Sponsored Attacks
More frequently, hackers look to make a profit through locking systems or stealing sensitive information. Beyond that, nation-states are increasingly leveraging their cyber skills to target and infiltrate other governments to attack critical infrastructure. Indeed, cybercrime today has become a major threat for both the private sector and the government, resulting in impacts that affect the nation at large.
2021 will be no different, as security professionals predict state-sponsored attacks to increase, especially those targeting critical infrastructure. What we mean is that most of these attacks will target government-run systems and infrastructure. That is not to say that the private sector players will be spared.
5. Cyber-Physical Attacks
We have mentioned state-sponsored attacks targeting critical infrastructure. Undeniably, the technology used to modernize and computerize infrastructures like manufacturing, communications, energy, emergency services, dams, financial services, food and agriculture, healthcare and public health, and government facilities are at risk. Recent attacks targeting electrical grids, transportation systems, water treatment facilities, and pipelines represent a major threat as we advance.
6. IoT Attacks
The Internet of Things is becoming more ubiquitous by the day. Statista forecasts suggest that more than 75 billion IoT-connected devices will be in use by 2025, which would be a nearly threefold increase from the IoT installed base in 2019. IoT includes various internet-enabled devices, such as laptops, tablets, routers, webcams, household appliances, medical devices, manufacturing equipment, smartwatches, automobiles, and home security systems.
Needless to say, digital devices are handy for consumers. In that account, many individuals and companies use IoT devices to save money and make informed decisions by collecting immense amounts of data and streamlining processes. But, the more connected devices result in greater risks, making IoT vulnerable to cyber threats. Additionally, once a hacker gains control of a connected device, they can potentially create havoc, lockdown crucial systems for ransom or overload networks to cause a denial of service (DoS) attack and DDoS attacks.
7. Third-Part Risks – Cybersecurity challenges that are difficult to control
Third parties, mainly vendors and contractors, pose a significant risk to companies, especially those who lack secure systems or teams to manage third-party employees. Providentially, as cyber attacks become frequent and sophisticated, businesses become aware of potential threats posed by third parties.
Astonishingly, the top 30 e-commerce retailers and digital services in the US are connected to 1,131 third-party resources each, with 23 percent of those assets having at least one critical vulnerability. That way, if hackers compromise one of the applications within this ecosystem, it opens hackers a gateway to other domains. Verizon reports that web applications were involved in 43 percent of the breaches. Moreover, approximately 80 percent of organizations experienced a data breach originating from a vulnerability in their third-party vendor ecosystem.
8. Social Engineering Attacks
Undeniably, hackers are becoming growingly sophisticated, not only in their use of technology but also in leveraging psychology in targeting victims. In particular, they deploy social engineering attacks and tactics by exploiting the human psychology weakness, which is found in every organization. Typically, cybercriminals use different media, such as phone calls, emails, and social media, to trick people into offering them access to sensitive information. From the previous analysis, the 2020 Data Breach Investigation Report by Verizon reveals that almost a third of the breaches last year incorporated social engineering techniques, of which 90 percent were phishing attacks.
9. Insider Threats
Even without any malicious intentions, your employees will mistakenly end up with all types of breaches. Think of all the privileged access insiders have to the company’s data, leading to human error and cyberattacks. Actually, humans pose most significant cybersecurity issues than machines. Insider threats affect more than 34 percent of businesses globally every year. In fact, 66 percent of organizations consider malicious insider attacks or accidental breaches more likely than external attacks. Shockingly, the cost of insider threats (related to credential theft) for organizations in 2020 was $2.79 million, with the figure expected to rise in 2021.
10. Severe Shortage of Cybersecurity Professions – Cybersecurity Challenges that we must overcome
Meanwhile, cybersecurity continues to suffer from a severe shortage of experts and professionals. The 2020 Cybersecurity Workforce Study conducted by (ISC)2 found that even though the number of cybersecurity professionals required to close the cybersecurity skills gap has shrunk from 4.07 million to 3.12 million experts, the employment in the field still needs to grow by approximately 41 percent in the US and 89 percent worldwide to fill the present talent gap. In addition, the National Association of Software and Services Company (NASSCOM) estimates that India, a country with a population of approximately 1.34 billion, alone will need 1 million cybersecurity professionals to meet the demands of its rapidly growing economy. The (ISC)2 and several other reports reveal that the stakes are higher than ever, as the cybercrime epidemic shakes public faith in valued ideals like personal data privacy, capitalism, and democracy.
The Growing Importance of Cybersecurity in Organizations
Fitting cybersecurity strategies promise to protect computers, networks, critical infrastructure, industrial control systems, and data from malicious attacks in the present complex threat landscape. Essentially, effective and efficient measures require coordinated effectors across all information systems to keep attackers at bay. Some of the security controls and best practices that organizations and individuals can deploy include infrastructure security, end-user behavior, organizational policy framework, network security, information security, and cloud security.
Meanwhile, growing a business in today’s competitive world requires you to wake up to and act against cybersecurity threats. Auspiciously, investing in the right security measures allows your employees to work safely, either on the premises or offering remote work. It is vital to remember that cyber-attacks result in revenue and productivity loss, but the right controls ensure your employees work safely without worrying about the threats.
Apart from enhanced employee productivity, appropriate safeguards prevent websites and other systems from going down. Obviously, if you host a website or an application in the cloud, a cyber incident can shut the service, resulting in loss of money and customer trust. However, if you continue using the best cybersecurity solutions, you don’t have to worry about your systems crashing.
I am a cyber security professional with a passion for delivering proactive strategies for day to day operational challenges. I am excited to be working with leading cyber security teams and professionals on projects that involve machine learning & AI solutions to solve the cyberspace menace and cut through inefficiency that plague today’s business environments.