Cyber security issues are a constant struggle for businesses in 2021. Since COVID-19 we have seen an increase in remote working which has made inroads for cyber attacks. Security research has also found that many businesses have unprotected data and poor cybersecurity practices in place, making them vulnerable to data loss.
Cyber takes a look at the Top 10 cyber security threats for businesses in 2021.
10: Cloud security threats
94% of organisations are moderately to extremely concerned about cloud security according to a survey by Checkpoint Software Technologies. When asked about what are the biggest security threats facing public clouds, organisations ranked misconfiguration (68%) highest, followed by unauthorized access (58%), insecure interfaces (52%), and hijacking of accounts (50%). With more companies digitally transforming and leveraging online collaboration tools in 2020, the migration to cloud computing also accelerated. The cloud will continue to shape the way businesses operate in 2021 and beyond exposing a slew of security challenges and threats.
09: Social media based attacks
As social media use continues to rise, it continues to be a medium of choice for launching cyberattacks.Data breaches have demonstrated weaknesses in social networks for hackers to slip through, and naiveté on the part of users means hackers don’t even have to break through the site’s defenses. Phishing schemes, spoofed accounts, and other ways to trick users into giving up their credentials are a constant threat. It is predicted that in 2021 attackers are likely to transition from targeting individuals to targeting businesses via social media.
08: PDF scams
PDF files are an enticing phishing vector as they are cross-platform and allow attackers to engage with users, making their schemes more believable as opposed to a text-based email with just a plain link. Unlike many email scams, PDF scams often don’t ask you to open a link to give information.
PDF scammers know people are wary of an email asking them to click a link. However, people are more likely to open a PDF if they think it is a statement balance or press release. Palo Alto Networks says between 2019-20 it noticed a dramatic 1,160% increase in malicious PDF files and this is only set to rise.
07: Database Exposure
Exposed databases are as bad as data breaches and are set to be a big challenge for businesses in 2021. According to American IT provider, Straight Edge Technology, Some hackers use social engineering attacks to steal login credentials while others use malware to gain access, yet one of the significant issues with database exposure is the fuel it becomes for social engineering attacks.
06: Accidental Sharing
Accidental sharing is set to be a big problem for businesses in 2021 and beyond and that’s because it is based on human error. Accidental sharing includes personal or business data, and it is shared through emails, unsecured forms, messaging or social media platforms, and a host of other ways. It is a particular threat to companies where large numbers of employees have access to primary databases and occurs when information is shared or leaked accidentally.
05: SMS-based phishing (smishing)
While general phishing often occurs online through emails or web browsing, smishing occurs through SMS text messages on your phone. The attacker sends an SMS text message to a user’s phone. Opening the text message itself doesn’t start the attack, but the message contains a link. If the link is clicked, it begins the attack. More attackers are turning to SMS-based phishing over traditional email phishing because many email programmes, such as Google or Microsoft Outlook, are smart enough to detect phishing emails and label them as spam.This means the average email user doesn’t even notice most phishing attacks. However, anyone can still get a text message and open a bad link.
04: Credential Stuffing
Credential stuffing is an attack geared toward stealing user access through login credentials. This is most common in situations where the same login credentials are used for multiple sites or accounts and attacks seem to be high within the ecommerce industry. With most programmes being online, credential stuffing is said to be a significant threat in 2021.
03: IoT Devices
The Internet of Things (IoT) market is likely to grow to $1.1trillion by 2026 and this widespread use of IoT devices will herald a large number of complex cybersecurity threats. According to Symantec, IoT devices experience an average 5,200 attacks per month. The fact that a majority of new IoT devices are still in their infancy means there is a much larger attack surface for cybercriminals to target the vulnerabilities associated with them.
Phishing attacks account for more than 80% of reported security incidents according to CSO Online. After declining in 2019, phishing increased in 2020 to account for one in every 4,200 emails and continues to increase this year. According to Symantec one in 13 web requests lead to malware and $17,700 is lost every minute due to a phishing attack.
01: Ransomware attacks
Ransomware attacks have been a major concern for businesses over the past several years. Their success is largely owed to the relative simplicity with which an attacker can achieve devastating effects. Ransomware detections have been more dominant in countries with higher numbers of internet-connected populations, and the US ranks highest with 18.2% of all ransomware attacks according to research by Symantec. The average ransomware payment rose 33% in 2020 over 2019, to $111,605, it is estimated to be even higher in 2021.