The cyber security landscape changed dramatically over the course of 2020, primarily impacted by the shift to at-home remote working brought on by the COVID-19 pandemic. This shift presents new security threats and attack vectors.
Even as the world slowly recovers, many businesses have not only adapted to remote working but are embracing the financial benefits, which means the same threats of 2020 are bound to stay well into 2021. Cloud-based collaboration, speedy deployment of information, and other newly adopted technologies are now permanent fixtures in a rapidly evolving business world and, as a result, it is crucial for IT teams to understand and combat these new threats to stay secure and maintain a competitive advantage.
Is your business ready to take on this year’s security challenges? Read on to learn about cyber security’s biggest threats and how Ciphertex Data Security® can keep them from affecting businesses into 2021.
What Is Cyber Security?
“Cyber security” refers to the security of computer systems, networks, and data. The primary goal of cyber security is to prevent unauthorized access to data stored and transported on computer systems, such as sensitive personal or financial information stored on a server.
Hackers and other malicious sources have devised a myriad of ways to breach systems and access secure and highly valuable information. The exact means and technical methods of cyber attacks evolve to keep up with new technologies, but the basic scam categories remain the same.
Are you familiar with these common types of cyber attacks?
- Phishing: A form of social engineering where a hacker tries to “lure” a victim into giving out personal information such as login credentials. Many forms of phishing involve impersonating “trusted” officials, often through email.
- Ransomware: A type of phishing where malware on the victim’s computer will “lock” the computer, rendering all files inaccessible by the victim until they provide the ransom money or personal information. This type of attack has become increasingly prevalent in recent years.
- Brute Force Attacks: A broad category of attacks where hackers use computing power to guess passwords, overwhelm servers with requests from multiple computers (a “distributed denial of service” or “DDoS”), or attempt other breaches.
- Man-in-the-Middle Attacks: A type of “eavesdropping” attack where a hacker will “listen” to information (such as passwords) sent over a network. This attack is especially prevalent on unsecured networks such as public Wi-Fi.
While there are many other types of cyber attacks, most examples fall into one of these categories. However, every year they take on different forms—and different targets.
Cyber Security Facts and Statistics for 2021
The past two years have been a busy time for cyber security, and the numbers show it. Phishing, ransomware, and email-based attacks rose aggressively in 2020 and continue to rise 2021 as remote working becomes the norm.
Though the greatest threat for cyber attacks is at-home working, it isn’t just remote workers who are vulnerable. Read on to discover some of this year’s most concerning cyber security facts.
Ransomware payments rose 33% from 2019.
People are handing over more money to ransomware than in previous years, with ransomware payments rising 33% from 2019. This uptick is a likely result of remote workers being targeted by hackers due to increased use of personal devices and unsecured networks.
Phishing attacks make up 86% of reported attacks.
People aren’t just falling for ransomware more than usual. They’re also receiving it more, with ransomware and other phishing attacks now accounting for 86% of reported attacks. This figure also suggests that phishing attacks have become the primary tool for hackers, which will likely remain the case in 2021 as remote workers become more valuable targets.
94% of malware is delivered by email.
Email is the ideal means of transmitting ransomware, so naturally it has become the primary means of doing so. Now with more than 94% of malware being delivered by email, it’s especially important for companies to enforce strict email security policies.
Breaches went undetected for an average of 207 days in 2020.
Breaches of all forms are also becoming more difficult to notice, with the average breach taking 207 days to detect in 2020—and nearly a month more to fully resolve. One reason for this trend could be the increasing complexity of both company networks and the breaches themselves, which could be allowing suspicious activity to be easily overlooked.
IoT devices receive an average of 5,200 attacks per month.
From smart watches to factory sensors, IoT devices are ever-prevalent and ever-vulnerable. As a result, they’ve become appealing targets for automated attacks, with most IoT devices receiving an average of 5,200 attacks per month.
Cyber Security Threats for 2021
This year’s cyber security threats are, for the most part, a continuation of those from 2020. Many of these attacks seek to leverage the recent shift to remote work that came out of the COVID-19 pandemic, utilizing mainly phishing and ransomware.
Remote workers are primary attack vectors.
The rapid shift to remote work in early 2020 forced many companies to implement digital transformations much faster than planned. As a result, many had no choice but to quickly adopt cloud-based platforms and collaborative tools “out of the box,” leaving some security concerns unchecked in the process.
Even as companies and their employees settle into their new digital workflows, many security concerns remain unchecked, and often get forgotten on the back burner.
Remote workers have quickly proven to be the biggest of these oversights. When employees were in an office environment, it was much easier to ensure secure connections through local networks. Now that these same employees are connecting remotely, and enjoying the freedom to change their locations, remote access has become a larger vulnerability than ever.
Phishing and man-in-the-middle attacks are currently the largest cyber attacks affecting remote workers. In many cases, employees aren’t sure what to do when they receive ransomware, and many have reported acquiring money and valuable data in the process, which makes matters worse as giving in to ransomware threats rarely extinguishes them. Rather, it complicates the case and compounds the problem.
Remote connections are also a concern, with man-in-the-middle attacks often intercepting employee passwords and data over public Wi-Fi. Between enforcing secure connections and handling ransomware, many companies are overwhelmed with the new “decentralized” security landscape.
Automation and AI are empowering hacking.
Brute-force attacks such as DDoS attacks and password cracking indeed require “brute force.” DDoS attacks, for example, require a network of compromised devices working together to overwhelm a single server, while password cracking requires a computer to crunch through millions of possible passwords.
While these types of attacks have always been automated, further improvements to automation and AI have made them so much more effective that it is no longer a matter of will a password be hacked, but when. Subsequently, most servers and applications will experience some form of DDoS or botnet attack.
Of course, fighting fire with fire, or, more accurately, automation with automation, is a key solution as automated security tools can help detect even the subtlest early warnings of an incoming attack or anomalous activity in a network. Even so, security automation remains a formidable challenge as hackers and malicious organizations continue to gain access to greater processing power.
Breaches and malware are getting harder to notice.
The most effective breaches go unnoticed, and for good reason. Much like a thief robbing a bank in the middle of the night, hackers want to get in, get what they want, and leave without a trace.
Unfortunately, the bank analogy stops here. Unlike money or gold, valuable data doesn’t just “go missing” when it’s stolen. Instead, hackers create exact copies of data, making it look like nothing ever happened.
Sneaky hackers aren’t the only reason for undetected breaches, however. Quick adoption of new technologies and applications have made IT environments more complex than ever and as a result, it’s easy to lose track of what’s happening on a network or in an application. It’s really no wonder that the average breach takes nearly four months to be noticed—and that’s usually well after the damage has been done!
IoT devices may be the next big vulnerability.
People have more computers than they realize, especially with the advent of “smart” appliances like smart refrigerators and smart TVs. Now that everything from watches to dishwashers are quickly becoming Internet-facing devices, networks have more entry points—read: attack vectors—than ever before.
The trend isn’t just limited to smart devices, however. As many companies adopt IoT devices into their products and workflows, companies themselves are now facing the same vulnerability.
Regardless of whether an IoT device is part of a home or a business, the same oversight remains. Many people simply don’t consider their IoT devices as another computer in their network. As a result, vulnerabilities and access attempts are easily missed if not ignored completely.
How Ciphertex® Can Protect You from Cyber Security Threats
At Ciphertex Data Security, we understand how difficult it can be to keep your data secure in an ever-changing security landscape. While safeguarding your network and applications from unauthorized access is crucial, it’s only half the battle. With breaches becoming more common and harder to detect, it’s also now crucial to protect your data wherever it’s stored.
Let Ciphertex®’s range of encryption and data security solutions take the uncertainty out of your security strategy. For more information on how our products and services can help protect your data, call the Ciphertex® team at 818-773-8989.