Each year, cybersecurity professionals review the top threats and emerging trends in IT security from the previous year to gain insights and prepare defenses to keep networks, devices, and data safeguarded.
One of the first of these to come out from 2020 is from security software maker, Sophos. Its 2021 Threat Report brings insight from the past 12 months on work that SophosLabs has done on malware and spam analysis.
The report is designed to provide a roadmap for where organizations should direct cybersecurity safeguardsin the coming year.
Idaho businesses that don’t keep up with the evolving threats out there, can end up with vulnerabilities in their network that leaves them open for a devastating breach.
The cost of one data breach for a small business averages between $120,000 to $1.24 million.
Below, we’ll go into some of the takeaways from this threat report and what it means for your business security focuses for the coming year.
Key Takeaways from Looking at Emerging Threats from the Last 12 months
The report is divided into four key areas of concern:
- Ransomware
- Everyday Threats
- COVID-19
- Nontraditional Platforms
Each of these areas includes several key warnings about how cyberthreats have been evolving and where they are going in 2021.
Ransomware
Ransomware remains one of the most dangerous forms of malware, and it only continues to become more costly and more threatening.
In 2019, the average ransomware demand was $84,000, by the end of 2020, it had risen to an average of $233,817.
The frequency of attack as well as payment demand continue to skyrocket because too many companies aren’t properly protected against ransomware, making it a lucrative form of criminal income.
This has caused ransomware to become a tool of the criminal underground and cybercrime cartels, making it more dangerous because of the planning and effort behind the attacks.
The Sophos report found that in addition to ransom amounts going up, more ransomware groups are now engaging in data theft as well and extorting targets, threatening to release sensitive data.
The collective criminal effort has also made attacks more efficient. Those that used to take days or weeks to carry out, now take just a few hours.
Everyday Threats
“Everyday” threats are those that hide in vulnerabilities of applications that are used every day. These often fly under the radar because they’re less suspected of causing a breach.
Familiarity with a process you do all the time can breed complacency when it comes to your cybersecurityefforts.
The report found that hackers are targeting these often-used applications and processes with increasing frequency. They include:
- Server platforms running Windows and Linux
- Virtual Private Networks (VPN)
- Remote Desktop Protocol (RDP)
Basic security hygiene is still a problem, with companies failing to follow basics like keeping devices patched and updated and not using the right security configurations in Microsoft 365 and other cloud platforms.
This lack of attention to the basics was found in the report to be a root cause of the most damaging attacks in 2021.
COVID-19
The pandemic turned the cybersecurity world on its head for a number of reasons and made 2020 one of the most dangerous years for online security threats and breaches for businesses.
During the midst of the pandemic, the FBI reported a 400% increase in cyberattacks.
One of the big challenges for businesses was the new work-from-home environment and how to secure remote employees. With home networks generally being less secure than office networks, hackers have gone after them with a vengeance.
The swift move to cloud applications to make it possible to keep businesses running even with everyone out of the office also led to security vulnerabilities. Access security and stolen passwords have been a problem, along with weak security configurations.
This frenzy on behalf of the cybercriminals has found them organizing and pooling their forces in 2020 and leveraging social engineering and anything related to COVID-19 for phishing attacks.
Nontraditional Platforms
Companies often pay the most attention to their computers and servers when it comes to data security. However, nontraditional platforms, such as mobile devices and IoT devices are becoming the dominant endpoints in a business network.
Hackers have taken notice and are targeting these types of devices in higher frequency, because they tend to be less protected and can be a conduit to other devices on a network.
Mobile malware detection is still behind as hackers develop ways around those scans.
IoT is also becoming more dangerous with leaders in the field, like Amazon opting millions of devices into its new Amazon Sidewalk shared network for IoT, and experts unsure what this means for the users’ network security if they don’t know how to opt out.
Get Expert Help Upgrading Your IT Security Defenses Today
Connect2Geek can help your Treasure Valley business with a review of your current cybersecurity strategy, letting you know what you’re doing right, and where you may have some weak spots that need to be addressed.
Schedule your free consultation to learn more today! Call 208-468-4323 or reach out online.