As the world prepares for what 2021 has in store, it can accurately be said that “If COVID-19 has taught us anything, it is that there is a real need to anticipate threats”. With the whole world connected through the Internet, the need for cybersecurity has never been more critical. Organizations need to invest in a comprehensive cyber protection solution that keeps them one step ahead of those who’d harm them. The top security threats that all organizations must look out for, and prepare in advance to combat, are:
RISE OF RANSOMWARE: Ransomware is a type of malware from cryptovirology that threatens to publish the victim’s data or perpetually block access to it unless a ransom is paid. Put simply, it is like having your confidential information kidnapped. Globally, a total of 199.7 million ransomware attacks were reported in the third quarter of 2020, and the trend is showing no signs of abating in 2021.
CREDENTIAL STUFFING: For those hearing the term for the first time, credential stuffing is a type of cyber-attack in which stolen account credentials, typically lists of usernames and/or email addresses and the corresponding passwords, are used to gain unauthorized access to user accounts through large-scale automated login requests directed against a web application. According to new analysis by Arkose Labs, “1.3 billion fraud attacks were committed in the third quarter of 2020, with some 770 million making use of credential-stuffing techniques”.
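The pattern described above (one source working through a list of many different accounts, with most logins failing) can be picked out of authentication logs. The following Python is an added example, not part of the original article; the log format, thresholds and function names are assumptions, and the log lines are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=5)  # assumed look-back window
MIN_USERS = 10                 # assumed threshold: distinct accounts per IP
MAX_SUCCESS_RATIO = 0.2        # assumed: replayed lists mostly fail

def parse(line):
    """Parse 'ISO-timestamp ip username OK|FAIL'."""
    ts, ip, user, outcome = line.split()
    return datetime.fromisoformat(ts), ip, user, outcome == "OK"

def detect_stuffing(lines):
    """Return {ip: distinct usernames tried} for IPs matching the pattern."""
    events = defaultdict(list)
    for line in lines:
        ts, ip, user, ok = parse(line)
        events[ip].append((ts, user, ok))
    flagged = {}
    for ip, evs in events.items():
        evs.sort()
        start = 0
        for end in range(len(evs)):
            # Slide the window so it spans at most WINDOW of time.
            while evs[end][0] - evs[start][0] > WINDOW:
                start += 1
            window = evs[start:end + 1]
            users = {u for _, u, _ in window}
            ok_ratio = sum(ok for _, _, ok in window) / len(window)
            if len(users) >= MIN_USERS and ok_ratio <= MAX_SUCCESS_RATIO:
                flagged[ip] = max(flagged.get(ip, 0), len(users))
    return flagged

def build_sample_log():
    """Constructed log lines (documentation IPs, made-up accounts)."""
    log = []
    # One IP walks a list of 12 different accounts, one attempt each.
    for i in range(12):
        outcome = "OK" if i == 7 else "FAIL"
        log.append(f"2021-01-05T10:00:{i:02d} 203.0.113.7 user{i}@example.com {outcome}")
    # A real user mistypes a password twice, then logs in.
    for i, outcome in enumerate(["FAIL", "FAIL", "OK"]):
        log.append(f"2021-01-05T10:01:{i:02d} 198.51.100.4 alice@example.com {outcome}")
    # Password guessing against one account: many failures, one username.
    for i in range(15):
        log.append(f"2021-01-05T10:02:{i:02d} 192.0.2.9 bob@example.com FAIL")
    return log

if __name__ == "__main__":
    print(detect_stuffing(build_sample_log()))
```

Only the source that tries many distinct accounts is flagged; the mistyping user and the single-account guessing run are left to other rules, such as per-account lockout.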
EXPOSED CLOUD: The Oracle and KPMG Cloud Threat Report 2019 reveals that cloud vulnerabilities and misconfigurations are, and will continue to be, among the biggest cybersecurity challenges faced by organizations. This is because enterprises are leveraging cloud applications and storing sensitive data related to their employees and business operations in the cloud. The adoption of the cloud is creating new challenges for firms and exacerbating the old ones.
DDoS ATTACKS: DDoS attacks have slowly been creeping back up the top 10 list of security threats to organizations. This is largely attributed to growing IoT deployments, better internet connectivity with 4G and upcoming 5G networks, and greater digitization efforts during the pandemic. Here are a few disturbing facts about DDoS attacks:
a. Service provider respondents reported a 52% increase in DDoS attacks, compared with 38% last year
b. Wireless communications companies experienced a 64% increase in DDoS attack frequency
c. The total number of attacks will reach 17 million by 2021 globally
d. According to recent security surveys, the cost of a DDoS attack averages between $20,000 and $40,000 per hour
APPLICATION LAYER ATTACK: If anything, this pandemic has accelerated “Online Everything”, from eLearning to eCommerce. Working from home (WFH) has prompted organizations to take internal applications like CRM, HRM and ERP online, further exposing their data. An estimated 90% of web applications on the public Internet have known vulnerabilities, and cybercriminals are having a merry time exploiting them. 2020 saw web application attacks increase by 800% over the year before, and such attacks will continue to haunt organizations in 2021 as well.
PHISHING: While millions of people struggled to learn the real facts about the pandemic, cybercriminals saw their opportunity and, from mid-March, began phishing campaigns with subject lines such as “Covid-19 in your area?” and “Message from the World Health Organization.” It is estimated that organizations experience as many as 1,185 phishing attacks every month. Unfortunately, most employees have a hard time recognizing phishing emails, and of those who do, only 3% report them to their management.
CLICKJACKING: A malicious technique of tricking a user into clicking on something different from what the user perceives, thus potentially revealing confidential information or allowing others to take control of their computer while clicking on seemingly innocuous objects, including web pages. “We identified three different techniques to intercept user clicks on the Alexa top 250K websites, and detected 437 third-party scripts that intercepted user clicks on 613 websites, which in total receive around 43 million visits on a daily basis,” researchers said.
INSIDER THREAT: Over the last two years, there’s been a 47% increase in the frequency of incidents involving insider threats. Shocking, right? As per the 2020 Cost of Insider Threats Global Report, the overall cost of insider threats is rapidly rising: there is a 31% increase, from $8.76 million in 2018 to $11.45 million in 2020. Also, with work from home being the new normal, people using their personal laptops to access official sites and data may make that data more prone to incidental or unintentional sharing.
MACHINE LEARNING POISONING: Machine learning poisoning is one of the most prevalent methods used to attack ML systems. It describes attacks in which someone purposefully ‘poisons’ the training data the algorithm uses. The ultimate goal is to corrupt or weaken the algorithm.
INCIDENTAL SHARING: The so-called plague of the always-connected era. With the increasing trend of sharing everything on social media, people sometimes overshare without realizing that it may not be in their best interest. According to a global survey of IT professionals, 27% of all businesses have lost sensitive business data due to “internal IT threats” in the past 12 months. It is now a high-priority internal problem, since “accidental data leaks by staff” were reported by 29% of all businesses.