By Nir Gaist, Nyotron, Founder
Cybersecurity has gone through many phases over the last few decades. Today, we hear about a new, more volatile-than-the-last attack every day that has the potential to disrupt business. These cyber-threats are hazardous to company structure and can lead to interruptions in production and loss of revenue. While these attacks may seem unavoidable, it is important to understand that a proper cybersecurity strategy, with the right defense mechanisms in place, can improve your security posture by tenfold and leave you in a better place than most companies.
Nowadays, pretty much everything can be hacked and used as an entry point into a company’s network, including laptops, cell phones and even smart thermometers. While it’s great to have a plethora of options to stay online and access data, it’s important to understand that all of these access points need to be monitored and protected. Additionally, to make matters worse, hackers are using the technology cybersecurity vendors rely on to protect enterprises, such as AI, and adapting it for malicious intent.
With the height of phishing attacks, more than 60,000 websites were reported in March 2020. Phishing trends during the second half of the year ranged from fake internal emails touting new health benefits to run-of-the-mill, password reset emails that exploited the physical gulf between employees and the IT department. Hackers are ready to take advantage of whatever may happen next, cyber threats will continue to evolve in 2021.
Here’s what I believe is on the radar for the cybersecurity industry this year.
The Future of Cyber Threats:
COVID-19 is Here to Stay, Virtually
The pandemic is not going away, at least not from the attacker’s standpoint. Mass fear and uncertainty have always served as ultimate ‘opportunities’ for scams and other, brand new creative attack vectors. While we are all on the lookout for long-awaited vaccines, we should also beware of related scams and messages, as these will surely become a major vector for fake news, misinformation, and malware delivery.
More Infrastructural Vulnerabilities
As many organizations are adapting to the new WFH normal, some are even embracing it and have already made it their forever normal. While remote employees have always been there, most organizations’ security theater is not there yet. This reality draws more attacker attention to the infrastructure, and, as the old saying goes – the more popular the product, the more vulnerabilities will be found in it.
More Data Gets Encrypted, and Voila!
Yes, ransomware. But not that old pay-to-decrypt modus-operandi that we all know. With a rapidly growing budget most VC-backed startups are dreaming of, these ransomware groups are becoming really slick, well organized and pretty darn effective. New pressure techniques and incentives of payment are evolving with recent attacks, where encryption of data is sometimes left out in favor of exfiltration. We should certainly prepare for bolder, more sophisticated techniques.
What is The End of It All?
Why Preparation is the Key to Success
While the situation may look grim, there is hope. One-way companies can stay protected is through the positive security model. This approach to security maps the finite “good” behavior rather than all the possible mischief blocking any process that isn’t a legitimate file system operation. The strategy is particularly beneficial to SMBs, as it can act as a standalone measure of defense or complement existing tools without breaking the bank.
At the heart of any good security strategy is a simple concept: awareness. That goes for both what assets you need to secure, and what threats you may face. Without proper awareness, business may not even understand the vulnerabilities hackers may take advantage of, leaving them a sitting duck to be attacked.
Where Do We Go Next?
It is a battle that has gone on for ages and will continue. While future malware may end up being more complicated than existing ones, it’s crucial to realize that the cybersecurity industry we’ll never be able to predict what the next zero-day will entail. Rather than predict the future, simply understand that malware is just a vehicle for hackers to get to their end goal of accessing your information and compromising your business. Truth be told, 100% protection will never be achieved without completely disconnecting from the internet. Hackers are just too smart, and threats are constantly evolving. However, companies can achieve the best protection possible by implementing the proper protocols and ensuring that every possible entry point into your network is secured. This due diligence will lead to your company being more secure than most, making you a tougher target for cybercriminals.
About the Author
Nir Gaist is a senior information security expert, ethical hacker, and a gifted individual. He started programming at age 6 and began his studies at the Israeli Technion University at age 10. Nir holds significant cybersecurity experience after serving as a security consultant to some of the largest Israeli organizations, such as the Israeli police, the Israeli parliament, and Microsoft’s Israeli branch. He has vast experience in penetrating networks for risk management purposes as well as deep knowledge in security breaches and unknown threats. Nir can be reached online at Nir Gaist and at our company website https://www.nyotron.com/