If you run a small or medium-sized business, chances are you use, make, sell, or support technology in some way. Maybe all of the above. A year into the COVID-19 pandemic, you may depend on technology products and services simply to keep your business operations going during this lean time. Or perhaps you’ve pivoted your company to embrace a tech-centric approach, and business is booming. Either way, the digital world you find yourself in is likely here to stay—in some form or fashion—long after the pandemic has passed.
As a result of the accelerated digital transformation many businesses have experienced over the past 12 months, cyber risk management is more important than ever. Capturing, storing, and using digital information is essential for most organizations, but with the power to hold and access sensitive data comes the responsibility to protect it as well. To do that, you first need to know what cyber threats exist, so our team compiled a list of the top five cyber threats to watch out for in 2021.
#1: Accelerating Development of the Ransomware Economy
It may seem strange to think of cyber crime as a business, but criminal actors and organizations operate in an economy like every other business. There are supply and value chains, product and service delivery methods, “customer” (victim) support mechanisms, and of course—financial transactions. The fact that it is lucrative for many perpetrators only fuels the development of the cyber crime economy.
One area of cyber crime that has seen an explosion of activity in recent years is ransomware, a form of attack where a cyber criminal encrypts your data so you can no longer access it without paying a fee (the ransom) to the attacker. Most people don’t realize that there are multiple layers of individuals and criminal organizations involved in the ransomware industry. Software engineers, distributors, buyers, botnet infrastructure vendors—the list goes on.
As more companies get hit with ransomware, there are more opportunities for cyber criminals to collect ransom payments, which enables more development and distribution of ransomware, and the cycle continues. The multi-layered ransomware economy is poised to grow and become more sophisticated, posing an even greater threat to all businesses (big and small). If you weren’t thinking about protecting your business against ransomware before, you should be now.
#2: Remote Workforce Attacks
Cyber criminals are opportunistic. When much of the corporate world shifted to a work-from-home model in early 2020, cyber attackers saw an opening to exploit the new remote workforce. Losing centralized control of network and endpoint security meant companies were exposed to new and increasingly difficult-to-manage vulnerabilities such as home wi-fi networks, additional online tools with access credentials that can be stolen, limited employee awareness of how to spot and address cybersecurity threats, rapidly evolving email phishing campaigns, and more.
With many companies choosing to remain fully remote or giving employees the option to work from home moving forward, you should expect this threat trend to continue. If your workforce operates remotely, you would be wise to take some time to assess your company’s cyber vulnerabilities and reinforce weak spots for maximum protection against bad actors looking for an easy score.
#3: DDoS Attacks on Cloud Service Providers
A distributed denial-of-service (DDos) attack is a type of cyber incident in which a malicious actor floods an internet-connected host with service requests from disparate sources, effectively making it impossible for legitimate service requests to be fulfilled. In other words, if the internet were the road that commuters took to get to work every day, a DDoS attack would be like thousands of rogue autonomous vehicles suddenly creating a traffic jam on the road so that commuters could not reach their target destinations.
The distributed nature of these attacks (illegitimate requests from many sources instead of a single source) makes them difficult to prevent and stop once they are in progress, unless you have proper cybersecurity safeguards in place. One of the largest DDoS attempts on record occurred in 2020, when Amazon Web Services—the global market leader among cloud infrastructure service providers—reported thwarting an attack on its systems with AWS Shield, its proprietary DDoS protection product. With more businesses moving to cloud infrastructure for data storage and computing, cloud service providers are likely to be an increasingly popular target for cyber attacks.
#4: Third-Party Security Risks
If your business uses computer technology and digital information in order to function, you are undoubtedly using at least one software-as-a-service (SaaS) tool to help you operate. In reality, you may use dozens (or hundreds) of SaaS tools. Regardless, by employing third-party vendors that interact with your company’s digital assets, you assume additional cyber risk.
Your company could have a robust security program in place, but if your vendors have poor cyber hygiene, your data and systems are still vulnerable to attack. The 2020 breach of several U.S. government agencies and a number of corporations using compromised software updates from third-party vendor SolarWinds illustrates this type of cyber threat. Unfortunately, your security posture is only as strong as the weakest link in your supply chain or distribution network, so vetting your third-party partners for strong cybersecurity practices is crucial to your own cyber risk management strategy.
#5: Poor Security Controls in IoT-Connected Devices
We live in a connected world, with more internet-enabled devices coming online every day. While increased connectivity can enhance operational efficiency and convenience, many components of the Internet of Things (IoT) lack robust, intentional cybersecurity measures. Users of IoT-connected devices may unwittingly expose themselves and their businesses to unnecessary cyber threats if those devices do not have built-in security controls.
Hackers routinely monitor for newly connected IoT devices, and if one or more of those devices is unsecured, it’s an easy target for an attack. The growing number of vulnerable components comprising many business systems is one reason DDoS attacks are on the rise (see #3 above). If you currently rely on IoT-connected devices to streamline your business operations (or plan to in the future), it is important that you have a plan for securing those devices to fend off potential cyber attacks.
The above list doesn’t cover every possible cyber threat. The comprehensive cyber threat landscape is constantly changing as new threats emerge and others fade away due to improved defensive tactics or loss of interest by cyber criminals. But the top five list highlights some key areas where your business should start to strengthen its own risk management programs this year. If you need help assessing your company’s cyber risk or developing a strategy for mitigating or transferring that risk, Trava’s integrated solution can simplify and streamline your entire protection plan.
If you’re ready for better cyber risk management to keep your company safe, let’s talk.