At the start of 2020, cyber security trend experts warned that cloud security needed greater focus, that ransomware would become more targeted and sophisticated, and that cybercriminals were exploiting artificial intelligence (AI).
Experts also estimated that technological advances such as 5G would cause some security headaches, and that the widespread use of IoT devices would signal new and increasingly complex cybersecurity threats.
Predictions were that phishing would remain the biggest thorn in the side of cyber security, mobile malware would become a much bigger problem, and that insider threats arising from the malicious or negligent use of systems by employees would continue causing sleepless nights.
They weren’t wrong, especially about ransomware becoming more prevalent and targeted. Several ransomware groups targeted banks across the globe in 2021, increasing the ransom amounts they demanded in exchange for not publishing stolen data. According to Kaspersky, it is no longer about encrypting data but about disclosing sensitive information stolen from victims’ networks. Due to payment card industry security and other regulations, these leaks can result in major financial losses.
Data breaches were also among the leading cyber security trends in the healthcare industry, with sensitive information about businesses, employees, and patients remaining a target of cybercriminals. The healthcare sector is now the most targeted industry in the world, with 66% of companies reporting ransomware attacks in 2020, an increase of around 22% on the previous year’s survey by Check Point Research. Amongst these was the Life Health Care group, which suffered an attack that forced it to shut down systems and impacted its operations for almost two months.
Law firms, too, were under fire, and it wasn’t only the large firms. Companies with fewer than 20 lawyers accounted for half of all ransomware attacks in the legal industry. Though ransomware played havoc, phishing, as the experts predicted, was the most common cyber-attack experienced by businesses in 2020.
But what nobody predicted was the Covid-19 pandemic, which caused a 300% increase in remote working and compounded an already complex threat landscape.
In many cases, employees were mobilised to work remotely so quickly that organisations didn’t have the time to really consider the implications for information security. Security controls and protocols were neglected because the main goal was to keep the business cogs turning.
Fast forward to March 2021, and unsurprisingly experts are predicting an increase in attacks on remote infrastructure, as well as large-scale failures arising from the growing use of multiple, connected cloud architectures.
Citing a survey by Enterprise Technology Research, Charl Ueckermann, Group CEO at AVeS Cyber International, says that the percentage of workers permanently working from home is expected to double in 2021.
“The level and complexity of cyber security threats associated with the sheer number of people working remotely present an unprecedented challenge for organisations. While ransomware, phishing, and cloud vulnerabilities are ever-present threats to be watched and managed, securing the remote workforce is undoubtedly the number one concern now. A rethink about how data is protected in a hybrid and converged data world is absolutely necessary. Cyber security strategies need to be realigned to be data-focused rather than technology-focused.”
Of real concern, says Ueckermann, is how data is accessed and how to secure it effectively. Data is the lifeblood of every business. No business wants the integrity or security of its data to be compromised. The problem is that data is no longer housed centrally and securely in a closed network – it is everywhere. It is on employees’ laptops and mobile phones. It’s in the cloud.
“How secure are these devices? How should these devices connect to sensitive company information? How is sensitive information protected at its source? Is data-level security in place to prevent data loss and fraud? Are users equipped to evade zero-day cyber threats? Are they cyber security aware?
“These are important questions for every company to be able to answer, especially those which store and process sensitive information, such as financial institutions, lawyers, healthcare companies and doctors, and education institutions. The greater the sensitivity of the data, the more valuable it is on the black market.
“Using a ‘pattern of life’ approach, companies need to look at how data flows both inside and outside the organisation. Proactively monitoring behaviours and patterns over time – such as how data is stored, accessed, and shared – is the only way to reduce cyber risks and data costs at the same time.”
So, what are the key cyber security priorities in a remote working world?
“Cyber security awareness training; governance, risk and compliance tools; and fraud detection systems, including identity verification and risk assessments,” concludes Ueckermann.
“As companies fast-track digital transformation, empower more people to work remotely, and increasingly shift to the cloud, an out-of-the-box approach toward technology investments is required. It is not simply about availability. It is about optimising cost, performance and data security.”