Last year was one of the most disruptive that businesses have ever experienced. Along with the changes that needed to be made to enable remote teams, companies had to figure out new ways to connect with customers and keep their operations going.
While businesses were struggling to adapt, cybercriminals were having a heyday, sending out a ton of cyberattacks of all types.
Here are some of the startling statistics that businesses need to know:
- The FBI reported an increase in cybercrime of 400% during 2020.
- 53% of surveyed businesses saw an increase in phishing attacks.
- During the pandemic, ransomware grew 72% and mobile vulnerabilities by 50%.
Cybercrime also became more organized and targeted. 2020 found underground criminal organizations using tools like ransomware to line their pockets, and they’ve made it more efficient and effective.
This year, perhaps more than any other, it’s vital for businesses to take a good hard look at their cybersecurityand address new challenges on the horizon.
Is Your IT Security Strategy Ready for These Emerging Threats?
To identify the biggest security concerns of 2021, we reviewed two important cybersecurity reports. One is the Sophos 2021 Threat Report and the other is McKinsey’s report on how cybersecurity spending is changing this year due to the pandemic.
Here are the biggest threats to prepare for this year.
Ransomware has a category all its own on the Sophos report because of the rise in both volume of attacks and ransom demand.
By the end of 2021, it’s projected that there will be a ransomware attack every 11 seconds.
Large underground crime cartels have adopted ransomware as a money-making tool and have added a new twist to get cash from even those businesses that have a full backup of their data. That is to demand money in exchange for not releasing their sensitive information online.
A ransomware prevention strategy is vital, and it needs to go beyond the backup and disaster recovery plan.
Insider Attacks Through Hacked Login Credentials
Because so many companies have moved their data to cloud tools, hackers are going after user login credentials with a vengeance. It’s more difficult for them to hack a large SaaS provider like Google or Microsoft, so instead they look for a way to log in as a legitimate user and perform attacks from the inside.
Many companies still don’t have a handle on user passwords and haven’t put other safeguards in place like multi-factor authentication (MFA). Access security should be a main priority for all businesses that want to keep their cloud accounts and data secure.
Remote Workforce Security
A new concern that’s moved to the top of the priority list because of the pandemic is remote workforce security. Companies and employees had to quickly adjust to remote working during 2020, and many didn’t put proper security procedures in place.
36% of surveyed organizations say they’ve suffered a security incident because of a remote employee.
One of the reasons for the significant rise in cyberattacks during the COVID crisis was due to hackers taking advantage of less secure remote workers.
Both remote desktop protocol (RDP) and virtual private network (VPN) technology have been major targets for hackers during the pandemic.
Poorly Trained Employees
A surprising find in the Sophos threat report was that everyday mistakes are still causing a significant number of data breaches. This happens due to poorly trained employees who don’t know the basics of good cyber hygiene and/or aren’t trained on IT security regularly.
According to the report, “A lack of attention to one or more aspects of basic security hygiene has been found to be at the root cause of many of the most damaging attacks we’ve investigated.”
Employees need to receive regular cybersecurity training and refreshers throughout the year not only to hone their skills, but also to let them know their organization takes IT security seriously.
There was a rise in mobile malware in 2020 and it was also found that many apps stores have a hard time finding and removing malicious apps in a timely manner. This leads to unsuspecting users downloading apps containing things like spyware and banking trojans.
Most businesses haven’t kept up with mobile device security in the same way they have with protections for computers and servers. Yet, mobile devices are now handling a large portion of the daily office workload.
It’s important that companies have a mobile device management policy in place that ensures mobile devices used to access employee data are properly protected from malware and other threats.
Schedule a Cybersecurity Checkup Today!
Rocky Knoll Technologies can help your Charlotte area business ensure your security is prepared for new and emerging threats through a cybersecurity checkup.
Contact us today to schedule a free consultation. Call 704.594.7292 or reach us online.