When it comes to cyber security, things move quickly, as both hackers and security providers compete to outsmart one another. New threats – as well as innovative ways to counter them – emerge regularly. In this overview, we will look at the most recent developments in cyber security.
1. Remote working cybersecurity risks
Because of the Covid-19 pandemic, most businesses were forced to shift their workforces to remote work, and in many cases, they had to do so quickly. According to numerous surveys, a large proportion of the workforce will continue to work from home following the outbreak of the pandemic.
It is one of the most talked-about new trends in cyber security that people are working from home, which introduces new cybersecurity risks. Home offices are frequently less secure than centralized offices, which are more likely to have more secure firewalls, routers, and access management, all of which are managed by information technology security teams. The traditional security vetting process may have been less rigorous than usual in the rush to keep things running – and cybercriminals have adapted their tactics to take advantage of the situation.
Many employees use their devices for two-factor authentication, and they may also have mobile app versions of instant messaging clients, such as Microsoft Teams and Zoom, installed on their devices. As the lines between personal and professional life become increasingly blurred, there is a greater risk that sensitive information will fall into the wrong hands.
A critical cyber security trend is for organizations to pay attention to the security challenges associated with distributed workforces, which is a critical cyber security trend. In addition to identifying and mitigating new security vulnerabilities, improving systems, implementing security controls, and ensuring proper monitoring and documentation are all important tasks. For additional information and advice, please see our comprehensive guide to working from home safely.
2. The Internet of Things (IoT) evolving
The growing Internet of Things (IoT) creates more opportunities for cybercriminals to prey on their victims. When we talk about the Internet of Things, we are talking about physical devices other than computers, phones, and servers that are connected to the internet and share data. Wearable fitness trackers, smart refrigerators, smartwatches, and voice assistants such as the Amazon Echo and Google Home are all examples of Internet of Things (IoT) devices. Approximately 64 billion Internet of Things devices is expected to have been deployed worldwide by 2026, according to current projections. This increase is being aided by the growing popularity of remote working options.
Because of the large number of additional devices, the dynamics and size of what is sometimes referred to as the cyber-attack surface – that is, the number of potential entry points for malicious actors – have changed significantly. Most Internet of Things devices has lower processing and storage capacities when compared to laptops and smartphones. Using firewalls, antivirus software, and other security applications to protect them may become more difficult as a result of this. As a result, Internet of Things (IoT) attacks are among the most frequently discussed cyber-attack trends. More information on the Internet of Things security threats can be found here.
3. The rise of ransomware
Even though ransomware has been around for nearly two decades, it is a rapidly expanding threat in cyberspace. It is estimated that there are over 120 different families of ransomware in existence today, and hackers have become extremely skilled at concealing malicious code. Ransomware is becoming increasingly popular because it is a relatively simple method for hackers to earn financial rewards, which is contributing to its rise. Another factor was the outbreak of the Covid-19 virus. When combined with remote working, the rapid digitization of many organizations resulted in the creation of new targets for ransomware. As a result of this, both the number of attacks and the size of the demands increased.
Extortion attacks are carried out by criminals who steal a company’s data and then encrypt it so that they are unable to access it. Afterward, cybercriminals use blackmail to force the organization to pay a ransom in exchange for the release of its confidential information. The cost of dealing with this cyberthreat is significant, both in terms of the sensitive data at stake and the financial consequences of paying the ransom.
During the year 2020, ransomware made history by being a contributing factor to the first reported death caused by a cyber-attack. In this incident, a hospital in Germany was locked out of its systems, rendering it unable to provide care to its customers. A woman in need of immediate medical attention was transported to a nearby hospital 20 miles away, but she did not survive.
As a result of machine learning and more coordinated sharing on the dark web, ransomware attackers are becoming more sophisticated in their phishing exploits. Hackers typically demand payment in cryptocurrencies, which are difficult to track down and trace back to their source. Shortly, we can expect to see an increase in the number of ransomware attacks on organizations that are not cyber secure.
You can find information on the most significant ransomware attacks of 2020 here, as well as information on the different types of ransomware here and here.
4. Increase in cloud services and cloud security threats
Cloud vulnerability continues to be one of the most significant trends in the cyber security industry. Again, the widespread adoption of remote working as a result of the pandemic has increased the demand for cloud-based services and infrastructure, which has had serious implications for the security of organizations.
Cloud computing services provide several advantages, including scalability, efficiency, and cost savings. However, they are also a prime target for criminals and other intruders. Default cloud settings are a significant source of data breaches and unauthorized access, as are insecure interfaces and account hijacking, all of which are caused by incorrect configuration. Because the average cost of a data breach is $3.86 million, organizations must take precautionary measures to reduce cloud-based threats.
Aside from data breaches, network security trends and cloud security challenges that organizations must deal with include the following:
Monitoring regulatory compliance in multiple jurisdictions.
Providing enough information technology expertise to meet the demands of cloud computing
Problems with cloud migration
Having to deal with a greater number of potential entry points for attackers
Some are accidental; others are deliberate. Insider threats are caused by unauthorized remote access, weak passwords, unprotected networks, and the misuse of personal devices, among other things.
Issues relating to cyber security
5. Social engineering attacks getting smarter
Social engineering attacks such as phishing are not new, but they have become more concerning in light of the widespread use of remote workers in recent years. Attackers target employees who connect to their employer’s network from their homes because they are easier to identify and exploit. In addition to traditional phishing attacks on employees, there has been an increase in whaling attacks on senior executives and other members of the organization’s leadership.
SMS phishing, also known as smishing,’ is becoming increasingly popular as a result of the widespread use of messaging apps such as WhatsApp, Slack, Skype, Signal, WeChat, and others. Users are tricked into downloading malware onto their phones by attackers who use these platforms to their advantage.
Another variation is voice phishing, which is also known as ‘vishing,’ and gained popularity after a Twitter hack in 2020 brought it to public attention. Hackers posing as IT personnel called customer service representatives and tricked them into granting them access to a critical internal resource. Many companies, including financial institutions and large corporations, have been targeted by the virus Vishing.
SIM jacking is another type of fraud in which fraudsters contact the representatives of a particular client’s mobile operator and persuade them that their SIM card has been hacked is also prevalent. It becomes necessary to transfer the phone number to another card as a result of this. Upon successful completion of the deception, the cybercriminal obtains access to the target’s digital contents on his or her phone.
However, criminals are constantly looking for new ways to stay one step ahead of organizations that are increasing their protection against phishing. This includes sophisticated phishing kits that target victims in different ways depending on where they are in the world.
