So, 2020 is now behind us, and in the world of cybersecurity, it was a pretty awful year. In the first nine months of 2020, a staggering 36.1 billion records were breached in the U.S, according to a report issued by RiskBased Security, shattering the previous nine-month high of 8.3 billion set in 2019. In fact, the number of records exposed in the third quarter of 2020 alone was equal to the first nine months of 2019.
However, we’re not out of the woods yet. This year may not be any better than last, which is why we need to be vigilant about guarding ourselves against these five cybersecurity threats.
1. Cyber Attackers Now Targeting Large Companies
Individuals and small businesses have long been the target of cyber criminals because they represented easy targets, but emboldened hackers are now launching global attacks on large corporations. Software AG, the second-largest software vendor in Germany and the seventh largest in Europe, was hit by a ransomware attack in October 2020, while Carnival Corporation, the world’s largest cruise line operator, reported a data breach two months earlier. Since the commencement of the global pandemic, cyberattacks are being reported at a rate of 4,000 per day, leading INTERPOL to release a report on the impact of COVID-19 on cybercrime, in which it stated that cyberattacks have shifted away from individuals and small businesses to major corporations, governments, and critical infrastructure.
2. Phishing Threats are Persistent
Phishing attacks have long been an effective method for stealing identities and credentials, launching malware programs, cryptojacking (cryptocurrency mining), and more, and the threat is not going away any time soon. The same goes for ransomware attacks, which continue to fund the bank accounts of international cyber criminals. In 2020, Deloitte’s Cyber Intelligence Centre reported a spike in phishing attacks, malicious spam, and ransomware attacks that use COVID-19 to bait users. This has resulted in a greater number of infected personal computers, USB flash drives, and smartphones – leaving organizations large and small incredibly vulnerable. Many of these attacks attempt to trick employees to download ransomware disguised as legitimate COVID-19 applications. With the hope of coronavirus vaccines now in front of us, expect a new wave of attacks to exploit users through vaccination-baiting strategies.
Think you and your more employees are too smart to fall for the bait? In August 2020, Microsoft released a survey that reported “an alarming number of businesses” are still impacted by rudimentary phishing scams.
3. Insider Threats are on the Rise
According to the Cybersecurity Insiders 2020 Insider Threat Report, 70% of organizations are reportedly seeing more frequent insider attacks, both from malicious actors and unsuspecting employees who unwittingly infect corporate networks with USB flash drive, external hard drives, mobile phones, and other portable media.
In fact, insider threats – along with hackers – are now the leading cause of data breaches, according to the Ponemon Institute’s Cost of a Data Breach Study. What’s more, incidents caused by insiders tend to have larger costs than other breaches.
The Ponemon study reported that, over the last two years, the number of insider incidents has increased 47%. While that is shocking, this is even more so: A staggering 60% of organizations suffered more than 30 incidents per year. Here’s more bad news: Over the same period, the cost of insider threats has increased by 31%, with the average insider incident now costing organizations $11.45 million.
4. The Cybersecurity Skills Gap is Worsening
We are in the middle of a cybersecurity skills shortage, and few in the I.T. industry would argue otherwise. It has long been an issue that many companies can’t effectively source the in-house talent they need, even as threats accelerate in both volume and sophistication. The situation doesn’t appear to be improving either, according to a report published by the Enterprise Strategy Group (ESG) and the Information Systems Security Association (ISSA). The survey of cybersecurity professionals showed that 70% of respondents believe their organization has been impacted by the global cybersecurity skills shortage, while 45% believe the cybersecurity skills shortage has gotten worse over the past few years and 48% say it’s about the same. Only 7% believe things have gotten better.
5. Mobile Devices Continue to be a Major Cybersecurity Risk
Portable media devices such as USB flash drives, smartphones, music players, SD cards, and external hard drives are ubiquitous. It is likely you own at least two of these devices – and probably more. While all portable media have inherent dangers, USB flash drives and external hard drives pose the greatest threats, as they allow employees to copy and transfer data, take that data off site, and conduct business outside the secure perimeters of the office.
In this new work-from-home era created by a global pandemic, the cybersecurity dangers are growing exponentially, as the very properties that make these devices portable and enable them to connect to various networks also make them vulnerable to network security breaches. According to a Harvard Business Journal article, the cost of mobile app hacks and breaches is projected to reach $1.5 billion this year.
Easy Steps You Can Take Today
To protect our organizations from both external and internal attacks, we need to deploy every available cybersecurity strategy. An easy place to start – and a strategy often overlooked – is to secure your computer and network ports. If employees, subcontractors, and vendors are unable to plug their portable media devices into your computer and network ports, you reduce the chance of malware infections, data breaches, and more.
USB port locks, network module locks, LAN cable locks, and secure USB hubs for your attached USB devices are inexpensive devices that effectively thwart both malicious and negligent insiders. Yes, you need to ensure your networks cannot be penetrated through the cloud, but you also need to ensure they cannot be penetrated by people inside the walls of your office either.