May 20, 2021
Over the course of the last year, the pandemic led to a rapid rise in remote work, increasing the vulnerability of many business networks. As the workforce scrambled to transition to the home office, many cybersecurity measures were overlooked and cybercriminals took advantage of these new weak points in the system. During uncertain, stressful times, people are also more susceptible to scams that prey on their fear and vulnerability. Fortunately, we can take measures to safeguard our businesses by staying aware of the most common cybersecurity threats in the online landscape. Here are five cybersecurity threats from 2020 that your business should look out for.
1. Social engineering
Social engineering is a type of cyberattack that takes advantage of human psychology and our innate trust in people and institutions that we know. In a social engineering attack, the target is manipulated into disclosing sensitive information, often through a misleading email that appears to come from a trusted sender. Nearly one third of all breaches in 2020 used social engineering to execute the attack, and of these, 90% were phishing attacks. A social engineering attack will often take into account the time of day we may be more likely to fall for a phishing email, such as at the end of a long workday.
Social engineering is only becoming more sophisticated but training your entire team to spot a phishing email and conducting regular cybersecurity training can greatly reduce the risk. You can also implement a business policy called Zero Standing Privileges that puts boundaries on user access. Essentially, employees are only granted access to particular files or software for a limited amount of time (typically however long they need to complete the assigned task). This means that if a hacker got ahold of login information, they still wouldn’t be able to access internal systems and sensitive data.
Ransomware demands totaled $1.4 billion in 2020 and was deployed in 22% of cases. This type of cyberattack in 2020 included demanding $1.14 million from the University of California in exchange for compromised COVID-19 research data, an attack on Canon, and disabling patient care systems at a hospital in Germany, resulting in one patient’s death.
An exchange between a public school district employee and a group of hackers called the Conti gang, revealed how vulnerable we are when sensitive data is compromised. The Conti gang demanded $40 million from the school district. If the school district declined to pay, the gang threatened to publish sensitive data, such as DOBs and SSNs of students and teachers. This type of attack is a prime example of why it’s critical for any business to invest in cyber liability insurance.
According to Alan Perez, founder of Genesis CyberSolutions in Key West, ransomware is the most significant threat of 2021. “There needs to be more awareness among employees on how the attack is delivered and executed, as well as how to respond appropriately and timely,” he says.
3. Unprotected cloud servers
Over the course of the pandemic, with a large portion of the workforce transitioning to home offices, we saw a 50% increase in cloud use across all industries. Compared to 2019, the number of attempted breaches to the cloud increased 250%.
Moving your business to the cloud has many benefits, and has been a necessity for many during the COVID-19 outbreak, but it also has the potential to increase the risk of a data breach. Cybercriminals look for cloud servers that aren’t password protected or that have outdated, unpatched operating systems. Once they gain access to the server, they may install ransomware, steal or compromise sensitive data, or launch a DDoS attack.
4. DDoS attacks
A DDoS (distributed denial-of-service) attack works by disrupting the normal traffic of a service or network by flooding the surrounding infrastructure with internet traffic. In this strategy, multiple devices are attacked, from computers and phones to IoT devices such as HVAC systems and smart appliances. The resulting flood of traffic prevents intended users from accessing the network. This disrupts or completely shuts down operations. Hackers often gain access to devices because they don’t have the latest security patches or operating system, making them vulnerable (and in turn the entire connected network) to attack.
4.83 million DDoS attacks were attempted in just the first half of 2020, costing businesses an average of $100,000 each hour for the duration of the disruption. Increasingly, hackers are using AI to implement these attacks, allowing them to expand their number of targets.
5. Third party software vulnerabilities
Third party software is a major culprit when it comes to cyberattacks. If you use third party software that doesn’t employ robust security measures, or you fail to download security patches as soon as they’re released, hackers can use that software to gain access to your network. This is a major loophole leveraged by hackers because so many businesses use a large number of third party software systems to conduct day-to-day operations. The top 30 ecommerce retailers in the US are connected to 1,131 third-party resources each and 23% of those have at least one critical vulnerability.
This type of data breach costs businesses an average of $4.29 million, $370,000 more than other types of data breaches. According to Verizon’s 2020 Data Breach Investigations Report, 80% of organizations experienced a cybersecurity breach originating from a third party software vulnerability last year.
How to prevent cyberattacks
These threats aren’t going away so it’s imperative that your business is prepared. The first step is to implement a multi-layered security strategy for your business and ensure it is communicated regularly to your entire team. Part of this strategy should include regular, department-wide cybersecurity training and requiring that all team members use a password management service. Lastly, investing in cyber liability insurance can protect you from the worst fallout of a data breach, helping you to recover more quickly with less financial loss and damage to your reputation.
Want to get more posts like these once a month in your inbox? Sign up for the Pagoda newsletter and sharpen your technical skills, from cybersecurity to digital marketing.
Want IT to serve you better?
Based in Santa Cruz, California, Pagoda Technologies provides trusted IT support to businesses and IT departments throughout Silicon Valley, the San Francisco Bay Area and across the globe. To learn how Pagoda Technologies can help your business, email us at email@example.com to schedule a complimentary IT consultation.
Return to Pagoda Blog Main Page