2020 was unsettling in many ways and a lot happened regarding cybersecurity. Ransomware attacks have skyrocketed, digital hygiene backslid, and never-before-seen attacks such as the SolarWinds hack figured prominently. How do we counter this threat from which nobody is safe, one which is cartwheeling out of control? What type of cyber threats can we expect to see in 2021?
1. Covid and remote work: risky business
There’s been a significant increase in cyberattacks on the healthcare industry, the finance sector, industrial control systems, and even critical infrastructure. Additionally, there was the “last-minute” SolarWinds hack whose degree of sophistication and number of victims are alarming. It’s safe to say it’s been a busy year for cybersecurity.
In cybersecurity, too, context is king. This was particularly true in 2020, as many cyberattacks were purely opportunistic. Many of them happened because of vulnerabilities linked to the tumultuous switch to remote work. After the earthquake that destroyed Haiti in 2010, cyber-malware had already shown its ability to take advantage of crises as cybercriminals imitated WHO emails. Major disasters are systematically exploited by cybercriminals for financial or espionage purposes. The phenomenon is not new, whether it is the 2004 Tsunami in Asia or the 2010 Earthquake in Haiti – cybercriminals have always taken advantage of international crises and vulnerabilities. The COVID-19 pandemic is no exception to the rule, the multiplication of misinformation and the increase in domain names linked to the coronavirus are strong indications of this. In 2020 – due to the pandemic, phishing campaigns, the spread of malware, the impersonation of official websites became the new normal. Last May, the United Nations Office on Drugs and Crime published a report identifying cyber threats related to the COVID-19 pandemic. Furthermore, according to Interpol, at the end of March 2020, more than 2,000 new domains incorporating the term Covid were identified as malicious and more than 40,000 were classified as high risk. There was also an explosion of delivery scams, boosted by the rise of e-commerce.
It looks like remote work, or at least partly remote, is here to stay. This creates many risks for employees who lack rigor in terms of cybersecurity hygiene. At home, everyone follows their own rules, far from the eyes of the IT department. Working on a personal computer in the privacy of one’s own home leads to complacency. Personal tabs rub shoulders with professional tabs, causing us to become complacent. Obviously, the risk of downloading a malicious file increases over time. Because of this new trend, throughout 2021 businesses and IT teams should focus on making sure that all company employees are sufficiently trained in cybersecurity.
2. Threats boosted by artificial intelligence
Cyberattacks have become ubiquitous, and it is inevitable that AI will change the nature of these attacks. Few sectors are immune from cyberattacks. In fact, the level of sophistication of the threats faced is continually increasing.
Frankly, computer systems that can learn, reason, and act are still in their infancy. To top it off, machine learning requires huge data sets and for many real-world systems, like driverless cars, a complex blend of physical computer vision sensors, complex programming for real-time decision making, and robotics are required.
Hence, while deployment is simpler for businesses adopting AI, giving AI access to information and allowing any measure of autonomy brings serious risks.
The year 2021 is expected to be game-changing with regard to AI. In fact, by 2025, the AI software market will be worth $37 billion. Companies which are embracing these new technologies such as AI, underestimate the inherent risks. They’re really dragging their feet with regards to coherent cyber security strategies, according to an Accenture study published in November 2020.
3. 5G and IoT
With higher speeds, high performance, real-time operation, and even wireless connectivity 5G is a key element in the future of business. However, industry watchdogs warn that 5G has the potential to worsen existing threats and introduce new ones. For example, as 5G becomes part of the industrial control system, how can we make sure it remains secure? In the absence of a clear answer to this question, let’s recall here that there are three main classical threats lurking: industrial espionage, outright shutdown and production detour. These risks will unfortunately still be relevant throughout 2021.
4. The Geopolitics of cybercrime have become more intertwined than ever before
In recent months, several cyberattacks targeting strategic national interests have been attributed to APT (advanced persistent threat) groups close to state structures (China, North Korea, Russia…). The rise of electronic voting is also a concern. In fact, in November 2020, a flaw in the AI of a supercomputer disrupted the counting of votes in the municipal elections in Brazil.
Over the first half of 2020, Israel’s water industry fell prey to multiple cyberattacks. In April, the computer network of a water pumping station was infected by malware. The goal of the attack was to increase the amount of chlorine in the water. Such an attack could have resounding damages, both mechanical and human. The Financial Times headlined it, and it would seem that “Cyber winter is coming.”
5. Increased social engineering attacks
In 2020, Verizon’s analysis of 1600 cybersecurity incidents and 800 breaches found that almost a third of the breaches relied on social engineering techniques. Phishing was involved in 90% of successful attacks. Social engineering attacks include, but are not limited to, phishing emails, scareware, quid pro quo and other techniques — all of which manipulate human psychology to attain specific goals.
According to Cisco, successful spear phishing attacks are accountable for 95% of breaches in company networks. In fact, phishing attempts went up by 667% in March and 43% of workers admit having made mistakes that could have compromised the cybersecurity of their company. Cybercriminals are coming up with new techniques every day, and 2021 will most certainly be another eventful year when it comes to social engineering attacks.
6. The steady increase of common cyber threats
According to Straight Edge Technology, Phishing, SMS-Based Phishing (Smishing), PDF Scams, Malware & Ransomware, Database Exposure, Credential Stuffing and Accidental Sharing are the main threats users and organizations should keep looking out for throughout 2021. A good starting point to avoid these types of incidents is to take a deep breath, slow down, and to use common sense.
Whether it’s data theft, phishing, and purloining state documents, it seems like we saw it all in 2020. But, let’s face it, cybercrime is here to stay. Like a nasty virus, it keeps mutating to keep pace with our efforts to stop it. The best we can do is, to borrow a cold-war term, pursue a policy of “containment” and do our best to anticipate these threats.