How many of us were not allowed to work remotely before the Global Pandemic?
We all know friends, family, colleagues whose companies or government organisations were inflexible about working from home. Ironically, the inflexible suffered the most and in many cases were proven wrong. A professional whose primary responsibilities are conducted online or on the phone can be very efficient and effective from anywhere - for at least a few days a week. Plus, the benefits are vast to both employers and employees: we often work longer hours; we don’t spend money on commuting 5 days a week; we help the environment; it provides important quality of life for and flexibility for parents and caregivers and so on.
And yes of course there are risks that have to be addressed. The fact is, most companies and almost all government entities were unprepared for the sudden shift to remote work. And for many, security and assurance were the last things on their minds. They were just focused on operating to stay viable.
For example, risks included having to allow employees to use their personal devices for work, creating vulnerabilities to their online data and transactions or not having IT infrastructure or connectivity to support working from home. Accordingly, the pandemic has dramatically exacerbated our reliance on the digital world, making any disruption to online access or functionality debilitating. CrowdStrike’s 2021 Global Threat Report found that 79% of intrusions were crime based - up 10% from last year, demonstrating that online criminals took full advantage and will continue to do so.
So what action can you take? First be in the know and then take smart action. Check out the top five cyber security threats for 2021:
1. Phishing
Phishing has long been a favourite of cyber criminals because it’s easy and it works. Phishing involves tricking individuals into disclosing sensitive personal information through deceptive computer-based means (NIST SP 800-83). Criminals just need to get lucky one time to have a successful phishing scam. All it takes is one click. The uncertainty surrounding information around the pandemic has created a perfect storm for phishing scams. People are desperate for information about COVID-19, vaccines and how to schedule their appointments. Criminals will continue to take advantage of that scenario by playing on a sense of urgency and taking advantage of our humanity. Criminals are also exploiting the situation around stimulus payments. They pose as government agencies or representatives providing or requesting information to ensure you get your stimulus payment. Phishing was a major theta before the pandemic and, unfortunately, it’s here to stay.
Solution Options: Trend Micro's Deep Discovery Email Inspector, PreVeil
2. Ransomware
Ransomware is another attack that was popular before the pandemic and continues to pose a significant risk to people, businesses and organizations. Ransomware is a type of malware that prevents or limits users from accessing their system, either by locking the system's screen or by locking the users' files until a ransom is paid (Trendmicro). Again, due to the world’s reliance on all things digital now, enterprises are becoming bigger targets of ransomware. Local governments, the healthcare industry, individuals and small and midsize businesses continue to be targets as well.
Another new trend in ransomware for 2021 is the new tactic of data exfiltration. The bad guys have started to exfiltrate data from a target’s device and threaten to or actually begin to slowly release data for sale on the Dark Net in order to convince victims to pay the ransom quicker. Criminals using ransomware are finding new ways to keep it a top threat in 2021.
Solution Options: Mimecast's Targeted Threat Protection, Sophos's Intercept X.
3. Cloud Breaches
Companies are turning to cloud services more and more during the pandemic to ensure employees have access to the necessary data. Cloud infrastructure on its own is very secure. The responsibility to configure other security like encryption and protection of data that resides in the cloud belong to the client. When the client does not configure their security for the cloud correctly, they are extremely vulnerable to a data breach. With more companies moving to the cloud for a variety of reasons, including increasing access for a remote workforce, cloud breaches are a Top threat for 2021.
Solution Options: CrowdStrike, CipherCloud
4. Bring Your Own Device
As noted above, a lack of resources forced many companies to allow employees to use their personal devices for work. Procuring and supplying a laptop to each employee as much of the world’s workforce shifted to full-time remote work was unrealistic and near impossible. Personal devices are convenient but are less secure. Personal devices are not managed by a company’s IT department and are therefore less likely to be patched, meaning they are running out-of-date software that has security vulnerabilities left in place that criminals and attackers can exploit. People using their personal devices are also conducting personal business on those devices, interacting with sites or web traffic that they wouldn’t necessarily be interacting with on a company owned and monitored device, further increasing the opportunity for a breach of company data. The end is in sight but the ease and convenience of remote work might be here for the long haul, making the use of personal devices for official company business a threat.
Solution options: SaferNet, VyprVPN
5. Internet of Things Devices (IoT)
IoT devices are used in a variety of ways now, they’re not just personal home voice assistants or useful tools to track your fitness goals. IoT devices are used to collect data, conduct customer service and manage infrastructure remotely. IoT devices were designed for convenience, practicality and ease of use. They were not designed with security in mind. The general lack of security makes them easy targets for bad guys to target. IoT devices can be used to become part of a botnet or your credentials can easily be stolen which leaves you in trouble if you don’t have different passwords for different accounts.
Solution Options: Malwarebytes Endpoint Protection, Symantec Endpoint Protection
From a Digital Age Risk perspective, 2021 will see many of the same threat vectors as 2020 as we continue to navigate the pandemic and often work remotely. The difference is that the online criminals are getting more sophisticated and impacting a larger percentage of businesses and organisations. By implementing a handful of risk mitigation solutions, you can keep your business, organisation or household secure and limit the impact of a Cyber Event.
Comprehensive Cyber Protection for Your Business
WhiteHawk Limited (ASX: WHK), a Barclay Pearce Capital client, is the first global online Cybersecurity Exchange enabling businesses of all sizes to take smart action against cybercrime.
WhiteHawk's Cybersecurity Exchange is based on a platform architecture that is Artificial Intelligence (AI)-driven, with a focus on identifying, prioritising, and mitigating cyber risks for businesses of all sizes. Whitehawk's focus is on next-generation risk monitoring and prioritisation approaches that leverage publicly available data sets, Artificial Intelligence (AI) based analytics, online risk platforms that scale to identify, prioritise and mitigate a breadth of digital age risks in near real-time. Their methods have been tested and evolved with government departments and fortune 500 companies.
Using machine learning and cyber know how, any business can access their online and virtual service, to help you discover, learn, receive immediate online matches to top solutions, affordable products and services, or chat with smart cyber advisors in real-time, so you can own your cyber risk and success story.
Terry Roberts is available for an interview. Contact Donna Warner, Barclay Pearce’s Chief Marketing Officer: donna@barclaypearce.com.au
To keep up to date with what's happening with WhiteHawk and the cybersecurity industry as a whole, subscribe to the Whitehawk Chairman’s List.
