The year 2020 witnessed a seismic physical, economic and cultural shift among global organizations, as businesses adapted to working during a pandemic.

When COVID-19 brought sweeping changes to the way we operate, communicate, and do business, cyber criminals were in the wings waiting to seize any opportunity they could to exploit security weaknesses for monetary and disruptive gains. In light of this, we’ve experienced a sharp rise in cyber-attacks across a range of industries including healthcare, education, and ecommerce. Today’s cybercriminal is constantly evolving to take advantage of online behavior and trends – the COVID-19 pandemic is no exception to this.

So, what will cyber criminals bring to the table in 2021? How do organizations ensure they have the appropriate cyber security strategy in place to mitigate ever changing and evolving cyber threats?

The rising risk of remote working

Today the majority of organizations have a remote workforce, and many employees are relying on personal devices to conduct work – this method of working is not secure. Why? Remote employees are sharing the home network with smart TVs, phones, tablets, and various IoT devices which are not adequately secured. The exchange of highly sensitive and confidential information that once occurred behind fortified infrastructure is now being conducted from fragile home networks.

For the modern CTO, this situation is not ideal. As cyber risks related to home working will only become greater during the next year, CTOs and their teams are relentlessly exploring avenues to help mitigate the cyber risk. In 2021, organizations will need to spend more time and money on endpoint security and end-user training.

AI is the future of cybersecurity

The massive and sudden increase in the number of people working from home has further validated the role of artificial intelligence (AI) in the future of cybersecurity. Unlike traditional security solutions, AI does not depend on known signatures. Instead, it relies on user and attack behavior analytics and network traffic analytics, quickly neutralizing a threat before it becomes a crisis.

Phishing is the most commonly known threat countered by the use of AI. Microsoft and Google already use AI to detect spam and phishing emails. Several cyber security companies, including Rapid7, Darktrace, Barracuda, and Palo Alto, are using AI-powered SIEM, firewalls, and a variety of other applications to ensure organizations remain secure.

The implementation of AI and machine learning helps us identify attacks by analyzing and predicting them in real time. In 2021, we will see much more of this as organizations invest in avoiding cyber-attacks before they become a threat.

Ransomware becomes a greater threat

Cybercriminals follow the money, so ransomware cases will continue to rise. After all, criminals will use a tool for as long as it is effective. In 2020, many hospitals and health care facilities were victims of ransomware. In fact, the Cybersecurity and Infrastructure Security Agency, FBI, and Department of Health and Human Services recently warned there is “an increased and imminent cybercrime threat to (specifically) US hospitals and health care providers.”

The extortion techniques are changing too. For example, a recent hack of mental health services provider Vastaamo resulted in hackers contacting the patients and threatening to release their therapy notes and other data unless a sum of €200 was paid.

For any organization, whether a business or a hospital, the freezing of its digital systems threatens customer and patient care, creating urgency to pay up and recover. For as long as it is monetarily viable, ransomware will continue to be a top threat for many years to come.

Social engineering – the dangers of deep fakes

Human beings are the weakest link in the cybersecurity chain. As more defensive technologies integrate with artificial intelligence, it is becoming increasingly difficult for bad actors to compromise network boundaries. Because of this, reliance on social engineering is increasing. Deep fakes are a newer social engineering tool in a hacker’s arsenal. “Deep fake” is a term for audio or video recordings which combine existing information and develop it into a new image, video, or audio recording. Deep fakes can be combined with existing tactics to cause maximum damage.

For instance, imagine an organization’s accounts payable employee receiving an email from the CEO regarding the transfer of funds, followed by a phone call from the CEO. People tend to be cautious with the email, as they may be aware of phishing techniques and have learned about them in security awareness training, but receiving a phone call from an executive of the company makes the request seem less suspicious.

Deep fake tools are easily accessible online. An open-source program named Avatarify superimposes someone else’s face onto the user’s face in real time during video meetings. The code is available on GitHub for anyone to use. The lack of effective deep fake detection technology attracts many bad actors to use deep fakes. This threat will only become stronger in 2021.

Third-party risk

Cyber incidents caused by supplier negligence are increasing at an alarming rate. The infamous 2013 Target hack was successful because hackers compromised the HVAC contractor and used stolen access details to infiltrate Target’s infrastructure. The incident cost Target more than $300 million.

Organizations must implement an effective third-party management program to ensure periodic validation of confidentiality, integrity, and data availability.

2021 is set to be more challenging than ever as cyber criminals adopt increasingly sophisticated ways to break into organizations’ IT systems. It is vital that employees follow strict IT security policies, whether they’re working in the office or at home. It only takes a simple error or lapse in judgement to create a large-scale, highly damaging cyber-attack.

ABOUT THE AUTHOR

Safi Raza

Safi Raza, who has more than 15 years of experience in information security, is director of cybersecurity at Fusion Risk Management. Prior to joining Fusion, Raza spent 14 years at Rosenthal Collins Group, where he spent eight years in training and six years in information security. Raza was responsible for overseeing the e-trading services department where he helped introduce, adapt, and support new and improved trading technologies.
