Navigating the Evolving Landscape of Cybersecurity Threats and Trends
In the realm of cybersecurity, technological advancements are a double-edged sword. As security measures evolve, so do the tactics of cybercriminals, who are constantly refining their methods to launch more complex and targeted attacks. For organizations, cybersecurity is not just about having the right products; it’s about staying informed of technological developments and taking proactive measures to prevent cyber attacks. In 2020, data breaches and critical vulnerabilities dominated the cybersecurity landscape, while emerging technologies like Deepfake posed new risks.
Cybersecurity in 2020: A Retrospective
Last year, cybersecurity incidents were frequent and often severe, affecting global firms and resulting in significant data breaches. Key statistics from 2020 include:
- 94% of malware was delivered via email.
- Phishing attacks accounted for over 80% of reported security incidents.
- 60% of security breaches involved vulnerabilities for which patches were available but not applied.
- Data breaches cost businesses an average of $3.92 million.
Key Cybersecurity Threats
Social Engineering and Phishing Attacks
Phishing methods have become increasingly sophisticated and realistic. The popularity of social media platforms, which allow instant access to millions of users, has made these platforms a hotspot for cybercriminal activity. In 2020, high-profile Twitter accounts, including those of Elon Musk, Bill Gates, and Barack Obama, were compromised through a social engineering attack. Hackers used these accounts to share fake Bitcoin tweets, scamming followers out of hundreds of thousands of dollars. According to Twitter reports, hackers gained access to Twitter’s support systems and tools using social engineering techniques and launched a phishing attack to obtain passwords and credentials of Twitter employees.
Data Breaches
Marriott International experienced another data breach in January 2020, with the personal information of 5.2 million hotel guests stolen. This data included names, addresses, phone numbers, birthdates, and airline loyalty information. The breach was attributed to a third-party franchise. Many global organizations faced similar breaches, with high-profile individuals, including journalists, government officials, and FBI agents, having their information compromised.
The consequences of data breaches are severe, affecting not just customers and companies but also resulting in significant legal penalties under regulations like GDPR. Beyond financial losses, breaches can lead to long-term reputational damage and loss of trust, potentially driving companies to bankruptcy.
Ransomware
The prevalence of ransomware attacks underscores the need for up-to-date systems and security processes. Offline backups should be an integral part of cybersecurity and risk strategies. Failure to implement these measures can result in substantial financial losses. In October 2020, Software AG, one of Europe’s largest software vendors, fell victim to a ransomware attack that disrupted part of its internal network and compromised customer data. Hackers demanded a $23 million ransom, and although the company attempted to negotiate, their efforts were unsuccessful.
Finastra, a provider of software solutions to financial institutions worldwide, also suffered a ransomware attack that disrupted operations and required servers to be disconnected from the Internet. Other notable targets included Seyfarth Shaw LLP, a leading global law firm based in Chicago, and Carnival Corporation, the world’s largest cruise operator.
Deepfake Threats
Deepfakes gained significant traction in 2020. Initially used to create fake videos of politicians and celebrities, Deepfake technology has become accessible to the general public through various applications. This AI-driven threat involves creating convincing fake images, audio, and videos. Security experts warn that Deepfakes could become a serious threat to organizations, as cybercriminals can use them to impersonate company members and gain access to critical business information. In the near future, Deepfakes are expected to become a sophisticated phishing method, with hackers creating fake versions of real companies to lure customers.
Internet of Things (IoT) Device Risks
The popularity and often inadequate security of IoT devices, ranging from smart security systems to voice assistants and home appliances, make them attractive targets for cybercriminals. These devices are widely used in both homes and businesses, and the sensitive, personal, and commercial data they handle make them prime targets for cyber exploitation. In recent years, IoT devices have been used in DDoS attacks, and in the coming years, they could be exploited to gain access to customer information and corporate networks.
Pandemic-Related Exploits
Cybercriminals have seized the opportunity presented by the COVID-19 pandemic to reach a wider audience. Scammers impersonating organizations like the World Health Organization (WHO) have been active, and many companies have struggled with remote access procedures. Cyber risks have included malicious links or COVID-19-related attachments in emails and WhatsApp messages. Additionally, fake emails purporting to contain COVID-19 test results have been circulated, leading to cyber incidents when recipients click on the malicious links. These types of attacks are expected to continue throughout 2021.
Cybersecurity Trends for 2021
Cyber Insurance
Organizations that have suffered significant losses due to cyber attacks are turning to cyber insurance services to manage cybersecurity risks. This market is expected to grow substantially in 2021, reaching a broader audience as data breaches continue to rise.
Alternative Authentication Techniques
As cybercriminals continue to use advanced technologies to crack passwords, alternative authentication methods are gaining importance. These methods can provide an additional layer of security, making it harder for hackers to gain unauthorized access.
For more information on cybersecurity trends and threats, visit CISA.