The cybersecurity threat landscape is ever-expanding and dynamic. As attackers develop more sophisticated approaches, businesses need to be ready to stop them in their tracks.
Successful cyber attacks lead to potentially huge payouts for relatively little risk, making them extremely appealing to criminals. By being aware of the most prevalent cyber threats, you can adapt your business’s protection and response strategies accordingly. Here are the five top cybersecurity threats for 2021 and some potential countermeasures to combat them.
#1 Phishing
Industry statistics show a 600 percent increase in phishing attacks over the last year. Here at Umbrella, we too have seen a noticeable increase in blocked phishing attempts by our email security.
Phishing is a type of social engineering attack. It involves sending fraudulent emails that look reputable to obtain information from individuals. The prevalence of phishing reflects the ease with which it can be carried out. Attackers need only obtain the email addresses of victims, set up an email account, and compose a credible email purporting to be from a trustworthy source. The recent increase in phishing emails (and the SMS and voice mail variants discussed below) follows the increased reliance on remote communication as a result of the global pandemic.
One of the best ways to combat phishing is through employee security awareness training. Informed employees are more vigilant toward suspicious emails, and more likely to report a threat before it wreaks havoc. A company that develops a strong cybersecurity awareness culture is far better equipped to handle phishing attacks.
#2 Ransomware
Ransomware is a type of malicious software that blocks access to computer systems or data until a ransom is paid. It continues to be one of the top cybersecurity threats in 2021 – a third of all malware is now ransomware – because of its huge potential payouts. These attacks are typically carried out through phishing.
Many successful ransomware attacks in the past targeted healthcare organizations, utilities, and pharmaceutical companies, all of which depend heavily on ‘always-on’ IT services. Attacks that made global headlines include ‘WannaCry’, ‘CryptoLocker’, and ‘Petya’. Many ransomware attacks go unreported because the victims do not want the publicity.
Take the following steps to mitigate your risk of a ransomware attack:
- Patch management: Apply all patches to your operating systems and business applications as soon as they are released to ensure any security vulnerabilities are eliminated.
- Asset inventory management: Keep an up-to-date record of your IT assets to ensure no system or device is left unprotected by outdated software or hardware.
- Employee training: Security training minimizes the risk of people clicking on unverified links, opening untrustworthy attachments, using public Wi-Fi to access confidential data, or giving out personal details.
- Offsite backups: Ensure your systems and data are automatically backed up to a secure off-site location, so you can continue operating in the event of an attack. At Umbrella, we offer a backup and disaster recovery solution to guarantee your business continuity.
- Be prepared: If you are hit with a ransomware attack, be ready to isolate your computer by disconnecting from the internet and business networks. You can then use security software to detect infected files and decryption tools to restore your data.
#3 Credential Stuffing
The dark web is a collection of websites not accessible by standard browsers. Heavily encrypted, this where cybercriminals sell their hacking services, discuss new ways to target businesses like yours and sell stolen information. These compromised usernames and passwords can then be used for credential stuffing, where automated bots enter the credentials into huge numbers of sites until they find a match. This type of attack depends on victims reusing passwords on multiple accounts.
In addition to using unique passwords for every login, you can counter the threat of credential stuffing with:
- Multi-factor authentication (MFA): In enabling MFA on your accounts, a secondary form of identification is required beyond your password, such as a one-time passcode sent to your phone or fingerprint recognition, creating a barrier against credential stuffing attacks.
- Dark web monitoring: Regularly scan the dark web for stolen credentials from your business. At Umbrella, we offer this as part of our cybersecurity services.
- Advanced firewalls: Ensure you are utilizing a firewall that can detect suspicious traffic and block multiple login attempts from those sources.
#4 Smishing and vishing
Smishing is a relatively new type of cyber attack that leverages SMS in the same way that phishing utilizes email. The basic premise is to send fraudulent text messages that appear to be reputable. In a successful attack, the recipient of the SMS message reveals confidential information or downloads malicious software under the assumption that the message is from a legitimate source.
Similarly, vishing attacks use phone calls instead of text messages to trick people into giving information. Countermeasures for smishing and vishing are similar to phishing: Ongoing employee security awareness is paramount. People tend to know not to click suspicious links or attachments in emails, but there is less awareness about fraudulent text messages or voicemails.
#5 Accidental Sharing
Not all cybersecurity threats come from attackers directly targeting your business. One of the top dangers for 2021 is accidental sharing. With the increased use of cloud storage and cloud hosting, breaches can occur when employees accidentally give the public access to sensitive cloud files and systems.
An important way to combat the threat of accidental file sharing is to encrypt data before sharing it in the cloud. Encrypted data is extremely difficult for attackers to decipher, whereas plaintext information is readable by anyone with access to it.
You should also enforce the principles of least privilege and zero trust. Least privilege dictates that individuals only have access to information that is necessary for performing their specific jobs. This helps to reduce the chances of human error by limiting the number of people who can view and/or share sensitive information. Zero trust, as the name suggests, is a policy to trust no source automatically; every connection must be considered suspicious until proven safe. This approach helps defeat cybercriminals who rapidly and regularly vary their attacks.
Make sure your business is protected
That rounds off the five top cybersecurity threats for 2021. If you’re concerned about the cybersecurity of your business, contact Umbrella to find out about our services. We can help you develop a comprehensive prevention and recovery plan that will ensure your data security and business continuity. Get in touch today for a free consultation.