Prepare Your Business Cybersecurity Through 2021 by Liron Barak
Liron Barak shares her thoughts on preparing your business cybersecurity through 2021.
The first annual Cybersecurity Insight Jam was an incredible success, thanks to the dozens of submitted articles, predictions, and resources from InfoSec experts. In fact, we received so many submissions we couldn’t possibly publish all of them during the virtual event.
To share with our audience all of the in-depth and insightful content we received for the Cybersecurity Insight Jam, we devoted this week to catching up. Here, we present an article written by Liron Barak, CEO and Co-Founder at BitDam. In addition to participating in one of our panels during the Jam, she wrote this article on preparing your business’ cybersecurity through 2021.
Prepare Your Business Cybersecurity Through 2021
By Liron Barak
The upheavals of 2020 have sharpened the world’s focus on business cybersecurity. Looking ahead to 2021, how can you best prepare your organization for the cybersecurity threats you and your users are likely to face, in a climate of much risk and uncertainty?
We look at where threats are projected to come from, identify key trends, and examine ways to most effectively stay protected in the upcoming year.
WFH Will Still Be Central to 2021 Cybersecurity Plans
In the best-case scenario, COVID-19 will be under control in 2021. Even so, one of the lessons learned during the pandemic was that organizations could function effectively with a remote, distributed workforce and WFH policies.
This has forced a paradigm shift when it comes to cybersecurity. Whereas in the past organizations could rely more on centralized security and carefully controlled apps and software, today’s cloud-based suite of tools means that BYOD has been replaced by Bring Your Own Collaboration Tools. Individuals will be using popular cloud-based collaboration tools to get work done, such as Microsoft OneDrive, Google G Suite, Slack, and others, no matter what the company’s official policies are.
This paradigm shift means:
- Security weaknesses in collaboration tools need to be taken into account
- All collaboration tools need to be protected, not just the email and end-point
Security weaknesses in collaboration tools like Teams or OneDrive are more common than people think. One recent example is a Microsoft Teams vulnerability that lets hackers take over Teams accounts. This one was quietly patched by Microsoft soon after being reported, but this is just the start. As these tools become more popular, malicious actors are going to increase their efforts to leverage such tools to exploit users.
And just as the email channel has been a focus from a cybersecurity perspective, there is consensus that going forward it’s the collaboration tools, with their ubiquitous usage and focus on productivity and quick communication, where a massive threat will lie. Protecting email is important, but in isolation, it’s not enough. All collaboration tools need the highest levels of protection.
Phishing Scams Will Leverage Crises Like COVID-19
The email function will still be one of the most vulnerable in 2021 when it comes to attack vectors. Gartner notes that “Phishing is still the No. 1 initial access vector for malware attacks” (Gartner, How to Respond to the 2020 Threat Landscape, 2020) and according to Verizon’s 2020 Data Breach Investigation Report, 96 percent of phishing attacks are delivered by email.
COVID-19 has shown that employees are generally unprepared for even semi-sophisticated phishing attacks. Experts have reported a 30,000 percent increase in COVID-19 oriented phishing threats and this threat has been reported by INTERPOL. The INTERPOL alert also notes a trend that is likely to continue into 2021: Those perpetrating phishing attacks are shifting their targets away from individuals and towards corporations, governments, and critical infrastructure.
To combat this effectively within your organization, a combined approach is recommended:
- Don’t count on your employees to suspect links as scams or be able to identify phishing emails
- Ongoing education is critical
- Deploy protection that will prevent phishing attacks from reaching your end-users
This approach, combining the latest tech solutions with employee education, has been shown to yield the best results when it comes to protecting your organization from phishing attacks.
Phishing Scams Are Getting More Sophisticated
Cyber attackers are constantly becoming more sophisticated and developing new techniques to evade business cybersecurity tools. This is true for any type of attack and is even more true for phishing threats. From evading machine fetching to threat intelligence, and all the way to tricking the end-user, techniques are getting more sophisticated every day.
For example, to evade machine fetching, attackers use CAPTCHA so that only real users reach their malicious websites. This avoids machine-based early detection, and the CAPTCHA makes those users feel even safer.
For evading threat intelligence, attackers will leverage trusted names such as Google, Zoom, Microsoft Teams, or the company’s own name, in order to trick users and carry out attacks.
And for evading user training solutions, attackers will hijack legitimate URLs or create real-looking websites that accurately mimic the company’s own pages, making it almost impossible for users to tell the difference.
If you’re ever wondering if a page is legitimate or not, you can use online tools to know for sure. There are many of these tools online; just Google ‘link scanners for phishing’ and you will find them easily.
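As an added illustration (not from the original article or any BitDam product), here is a defender-side triage check for the trusted-name trick described above: it flags a link that mentions a well-known brand anywhere in its host, userinfo, or path while being served from a domain that brand does not own. The brand allowlist, the suffix list, and the sample URLs are constructed assumptions.

```python
from urllib.parse import urlsplit

# Assumption: hand-maintained map of brand keywords to the registrable
# domains each brand really uses. Constructed for illustration only.
BRAND_DOMAINS = {
    "google": {"google.com"},
    "zoom": {"zoom.us"},
    "teams": {"microsoft.com"},
    "microsoft": {"microsoft.com", "office.com"},
}
# Assumption: tiny stand-in for the Public Suffix List.
TWO_LABEL_SUFFIXES = {"co.uk", "com.au", "co.il"}

# Constructed sample links (reserved .test names, no real targets).
SAMPLE_URLS = [
    "https://teams.microsoft.com/l/meetup-join/abc",
    "https://microsoft-teams.login-example.test/signin",
    "https://zoom.us.example.test/j/123",
    "https://google.com@example.test/",
    "https://example.test/docs",
]


def registrable_domain(host: str) -> str:
    """Approximate the registrable domain (eTLD+1) of a hostname."""
    labels = host.lower().rstrip(".").split(".")
    if len(labels) >= 3 and ".".join(labels[-2:]) in TWO_LABEL_SUFFIXES:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def brand_mismatches(url: str) -> list[str]:
    """Brands named in the URL that do not own the domain serving it."""
    parts = urlsplit(url)
    reg = registrable_domain(parts.hostname or "")
    # netloc keeps any userinfo, so "brand.com@other-host" is inspected too.
    haystack = (parts.netloc + parts.path).lower()
    return sorted(
        brand for brand, owned in BRAND_DOMAINS.items()
        if brand in haystack and reg not in owned
    )


def triage(urls: list[str]) -> dict[str, list[str]]:
    """Map each suspicious URL to the brands it appears to borrow."""
    hits = {u: brand_mismatches(u) for u in urls}
    return {u: brands for u, brands in hits.items() if brands}
```

Substring matching is a triage heuristic and will produce false positives; it is meant to sit alongside the protection and education measures above, and a production check would use the full Public Suffix List.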
Being Small Doesn’t Mean You Are Safe
SMEs are becoming more vulnerable to cyber-attacks, with an increase in the number of attacks and their severity becoming a growing concern. This trend is expected to continue into 2021, which means that SMEs need to take the required steps to stay protected against phishing and malware.
Being small or thinking one can “fly under the radar” isn’t enough anymore. With a single phishing email costing small businesses upwards of $100,000, this threat is urgent and serious.
Staying Protected from Cybersecurity Attacks in 2021
Looking at cybersecurity threats in 2021, there is one other important trend to be aware of. This trend is rendering many security products obsolete, and it’s critical to understand this when assessing your risks for the coming year.
The issue at hand is protection against previously unseen threats. With most well-known email protection solutions needing to classify threats before being able to deal with them effectively – and with malware constantly mutating to avoid such classification – this is a massive risk factor for 2021.
Staying protected from cybersecurity attacks in 2021 is not going to be easy; threats are evolving, and new threats are constantly appearing. However, by following these steps, you’re setting yourself up for success in terms of keeping your organization protected in the year ahead.
The first steps in staying protected are understanding the risks, understanding your own organization’s risk profile, and then mitigating threats with the right tools, strategy, and technologies. Tools such as Breach & Attack Simulations are generally a great place to start when it comes to assessing your own areas of vulnerability, including testing your current email security solutions. Some of them are even available for free for Office 365 users.