The cybersecurity threat landscape keeps growing, and so does its negative impact on companies: cybercrime caused nearly $1 trillion in damage in 2020, according to “The Hidden Costs of Cybercrime” report by McAfee.
Cyber attacks grew during the earliest days of the COVID-19 pandemic, as employees began to work remotely and enterprises rushed their digital transformation efforts to meet the needs of a new working landscape.
Companies across the globe have learned several valuable lessons about securing their globally distributed infrastructure, both from witnessing large-scale data breaches and experiencing their own security incident scares.
As organizations continue to learn more about trending cybersecurity threats and the best ways to prevent them, it’s important to remember: cybersecurity threats are the product of both external malicious actors and internal vulnerabilities.
Trending Cybersecurity Threats to Watch
- Ransomware and as-a-service attacks
- Enterprise security tool sprawl
- Misconfigured security applications at scale
- Sophisticated spear phishing strategies
- Increased frequency of credential theft
- Mobile device and OS vulnerabilities left unchecked
- Data governance and management errors
- Distributed growth of insider threats post-COVID
- Poorly secured cloud environments
- Incomplete post-attack investigations
Ransomware and as-a-service attacks
Ransomware is a growing category of malware in which the attacker holds the victim’s data hostage until the ransom demands are met. Because ransomware is an expanding attack vector, many attackers have developed expert knowledge that they’re willing to share with others for a price.
Ransomware-as-a-service (RaaS) has grown in popularity, making it possible for less experienced attackers to follow templates and guides to carry out complex system intrusions.
Jon Clay, VP of threat intelligence at Trend Micro, a top cybersecurity software company, said that ransomware is a major cybersecurity threat and that other as-a-service attacks are developing along the lines of the same model.
“Ransomware is one of the biggest threats, and so, malicious actor groups are developing RaaS offerings to affiliates and any cybercriminal who invests in their platform,” Clay said.
“[There’s also] access-as-a-service, [where] malicious actor groups specialize in infiltrating business networks and then selling that access to other groups like ransomware actors.”
Enterprise security tool sprawl
For many organizations, security problems are rooted not in a lack of cybersecurity tools, but in a large collection of siloed and mismanaged ones.
Amit Bareket, CEO and co-founder of Perimeter 81, a cloud and network security company, said tool sprawl is a security threat that most IT teams face.
“I believe one of the top cybersecurity threats today is tool sprawl,” Bareket said. “According to a 451 research survey, the average IT and security teams are using between 10 and 30 security monitoring solutions for applications, network infrastructures, and cloud environments. Most businesses will adopt a new tool in order to fix a specific challenge and then before they know it, they will be using dozens of tools, which simply put, becomes unmanageable.
“The result of tool sprawl is diminished network visibility and weaker threat detection. With the lack of visibility resulting from tool sprawl, security teams can experience delayed threat response time and difficulties managing which tool will fix a specific security risk. The result is that an organization’s resources and networks can become more vulnerable than before.”
Misconfigured security applications at scale
Tools that employees use to simplify their daily workflows and systems management can be incredibly useful. But they can also harm the security of a business if user access and other features of these widely used tools are misconfigured.
Derek Melber, chief technology and security strategist at Tenable, a cybersecurity platform provider, believes that Microsoft’s Active Directory is one such tool that many enterprise users misconfigure, leaving organizations vulnerable to cybersecurity threats.
“Active Directory is a top threat that should be on every CISO’s radar,” Melber said. “It’s used by almost every major enterprise (90% of the “Fortune 1000”) to authenticate employees’ entry into company networks and manage access and privileges internally. The typical AD environment includes thousands of potential permissions and configurations, many of which might be misconfigured for every individual user in an enterprise, meaning, at scale, it’s near-impossible to secure AD manually.
“That’s why the largest recent security incidents (SolarWinds, MSFT Exchange, the Zerologon, and ProxyLogon vulnerabilities) all have one common denominator: Active Directory. It has proven to be a popular attack vector for threat actors who leverage it to gain entry into corporate networks, move laterally, and escalate privileges, eventually owning and wreaking havoc on an organization’s entire IT infrastructure.”
Sophisticated spear-phishing strategies
Phishing attacks targeting personal and professional inboxes have become more personalized, and attackers are moving to new platforms, such as social media channels.
Peter Warmka, author, former CIA senior intelligence officer, and executive member of the Counterintelligence Institute, explained how attackers are taking very meticulous steps to build a trusted connection with victims before they complete a spear-phishing attack:
“The methodology utilized by human hackers in phishing attacks is evolving from low-hanging fruit caught through spam email to well-crafted and precise spear-phishing attacks against high-value organizations by exploiting social media platforms,” Warmka said. “Once having identified the high-value organization, the professional human hacker will typically utilize search tools on LinkedIn to identify prospective insiders (employees or contractors who can be leveraged to conduct the breach). These ‘insider targets’ are then assessed based upon personal information they post on their profiles, such as Facebook, Twitter, Instagram, and other social media platforms. The resultant personality assessment profile will identify the mix of motivations and vulnerabilities unique to each target.
“Once the specific spear-phishing targets are selected and assessed, the human hacker will design one or more fake social media personas or avatars. These personas will be built with commonalities of their intended targets – perhaps having graduated from the same university, members of the same professional association, or sharing a passion for the same humanitarian cause.
“Based upon these commonalities, the target will typically trust the incoming connection request. Once connected, the avatar will first engage the target in dialogue to gain further trust and establish rapport. They will then utilize this same messaging feature within the social media platform to deliver a malicious link to be clicked on or malicious attachment to be opened. It is extremely effective.”
Increased frequency of credential theft
Sometimes, a system compromise is as simple as a malicious actor guessing a user’s password or security-question answers when they are too easy to guess. Credential theft is one of the most common attack vectors in cybersecurity because, as a general rule, users do not protect their credentials with appropriate passwords or other authentication measures.
Jim Taylor, chief product officer at SecurID, an identity and access management (IAM) company, believes the vulnerabilities of user credentials became even more apparent during the COVID-19 shift to remote work.
“Cybersecurity is trying to contend with the fallout of rushed digital transformations over the last year,” Taylor said. “It’s still a major issue: Businesses need to balance security and convenience to ensure that users stay productive and safe. In many instances, businesses stood up VPNs to secure remote work — VPN use surged all over the world as a result of the pandemic.
“But in too many cases, businesses are still using password-based security to secure their VPNs. That’s a recipe for disaster, particularly as we all dig in for extended hybrid work. The 2020 Verizon ‘Data Breach Investigations Report’ found that more than 80% of hacking-related breaches involved either brute force or the use of lost or stolen credentials. Passwords are hard for legitimate users to manage and simple for hackers to crack.”
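The brute-force and stolen-credential activity Taylor describes leaves a signature in VPN authentication logs. The following is an added example (not code from the article or from SecurID) that flags three patterns in a constructed, hypothetical log format: many failures from one source, one source trying many distinct usernames, and a success from a source that has already tripped the failure threshold. The log format, thresholds and IP addresses are all assumptions made for the illustration.

```python
"""Flag brute-force and credential-stuffing patterns in VPN auth logs.

Added example: illustrative defender-side code, not from the article or any
vendor quoted in it. The log format below is a constructed, hypothetical one.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed (hypothetical) log format:
#   "<ISO timestamp> vpn auth <success|failure> user=<name> src=<ip>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) vpn auth (?P<result>success|failure) "
    r"user=(?P<user>\S+) src=(?P<src>\S+)$"
)

# Constructed sample log (documentation IP ranges, made-up users).
SAMPLE_LOG = """\
2021-06-01T09:00:00 vpn auth failure user=alice src=203.0.113.7
2021-06-01T09:00:05 vpn auth failure user=alice src=203.0.113.7
2021-06-01T09:00:09 vpn auth failure user=alice src=203.0.113.7
2021-06-01T09:00:14 vpn auth failure user=alice src=203.0.113.7
2021-06-01T09:00:20 vpn auth failure user=alice src=203.0.113.7
2021-06-01T09:00:31 vpn auth success user=alice src=203.0.113.7
2021-06-01T09:10:00 vpn auth failure user=bob src=198.51.100.4
2021-06-01T09:10:01 vpn auth failure user=carol src=198.51.100.4
2021-06-01T09:10:02 vpn auth failure user=dave src=198.51.100.4
2021-06-01T09:30:00 vpn auth failure user=erin src=192.0.2.9
2021-06-01T09:45:00 vpn auth success user=erin src=192.0.2.9
this line is not an auth event and is skipped
"""


def parse_line(line):
    """Return a dict of fields for a matching line, or None for anything else."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.fromisoformat(rec["ts"])
    return rec


def detect_credential_attacks(lines, window=timedelta(minutes=5),
                              fail_threshold=5, spray_users=3):
    """Return alerts as (kind, src, detail) tuples, in the order they fire.

    brute_force            : >= fail_threshold failures from one source inside `window`
    password_spray         : one source failing against >= spray_users distinct users inside `window`
    success_after_failures : a success from a source that already tripped brute_force
    """
    failures = defaultdict(deque)   # src -> deque of (ts, user) failures inside the window
    flagged_bf, flagged_spray = set(), set()
    alerts = []
    for raw in lines:
        rec = parse_line(raw)
        if rec is None:
            continue                # ignore non-auth lines rather than failing
        src, ts = rec["src"], rec["ts"]
        q = failures[src]
        while q and ts - q[0][0] > window:
            q.popleft()             # slide the window forward
        if rec["result"] == "failure":
            q.append((ts, rec["user"]))
            if len(q) >= fail_threshold and src not in flagged_bf:
                flagged_bf.add(src)
                alerts.append(("brute_force", src, f"{len(q)} failures within {window}"))
            distinct = {u for _, u in q}
            if len(distinct) >= spray_users and src not in flagged_spray:
                flagged_spray.add(src)
                alerts.append(("password_spray", src, f"{len(distinct)} distinct users"))
        elif src in flagged_bf:
            # A success right after a burst of failures is the case to escalate:
            # the credential may simply have been guessed.
            alerts.append(("success_after_failures", src, f"user={rec['user']}"))
    return alerts


if __name__ == "__main__":
    for kind, src, detail in detect_credential_attacks(SAMPLE_LOG.splitlines()):
        print(f"{kind:24} {src:15} {detail}")
```

The sliding window is per source address, so a slow, distributed attack that spreads attempts across many addresses will not trip these thresholds; that gap is the reason the quote pushes beyond password-only VPN access rather than relying on detection alone.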
Mobile device and OS vulnerabilities left unchecked
Most enterprise security strategies focus heavily on network tools and infrastructure. What they often fail to consider are the security gaps that personal mobile devices can introduce to an enterprise network if relevant security measures aren’t put in place.
Seth Cutler, CISO at NetApp, a cloud and data management solutions company, said mobile devices are some of the least-monitored and least-updated tools in an employee’s possession, with outdated OS software being a particularly prevalent mobile issue.
“These same devices are often not monitored and protected by enterprise security tools, leaving them vulnerable to attack,” Cutler said.
Dave Martin, VP of extended detection and response at Open Systems, a top cybersecurity firm, pointed to a trending spyware attack that is currently targeting iPhone users, making any personal and professional data stored on their phones vulnerable to a breach.
“The threat of Pegasus spyware is very real, and it is impossible for your employees to protect themselves against it, unless their iPhones are running the current version of iOS,” Martin said. “Pegasus uses multiple exploits that take advantage of zero-day vulnerabilities in iOS and its chief zero-click vector is iMessage, which is particularly troubling as it requires no interaction from the victim.”
Data governance and management errors
For many enterprise networks, the sheer volume of unneeded data makes cybersecurity monitoring less effective. Even the most valuable data has an expiration date and should be reviewed on a regular basis.
Will Bass, VP of cybersecurity at Flexential, an IT and data center management company, thinks that many companies hold on to too much sensitive data past its point of utility.
“Organizations keep too much data for too long,” Bass said. “Sensitive data is a target for bad actors that increases organizational risk.
“Reducing this threat requires good data governance practices, such as deleting any data that is not required to provide their services or meet a regulatory requirement. Deleting unneeded sensitive data in the environment not only reduces the risk of a compromise, but also decreases IT costs by reducing the infrastructure footprint and narrowing the scope for privacy and other regulatory requirements.”
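Bass’s advice, deleting data that is not required to provide a service or to meet a regulatory requirement, is easier to apply when the decision is encoded as a policy rather than made case by case. The following is an added example, not code from the article or from Flexential; the retention schedule, record layout and dates are constructed assumptions. It classifies each record as keep, delete or review, and treats legal holds, open-ended retention classes and unclassified data as the edge cases that should never be deleted automatically.

```python
"""Evaluate records against a data-retention policy and list what to delete.

Added example, not from the article or Flexential. The retention schedule,
record format and dates are constructed; a real deployment would pull retention
periods from the organization's records schedule and legal-hold system.
"""
from dataclasses import dataclass
from datetime import date, timedelta

# Constructed retention schedule: data class -> days to keep after last use.
# None means "open-ended: keep until the owning service says it is not required".
RETENTION_DAYS = {
    "customer_pii": 365,
    "payment_card": 90,
    "access_log": 180,
    "contract": None,
}


@dataclass(frozen=True)
class Record:
    record_id: str
    data_class: str
    last_used: date
    legal_hold: bool = False
    still_required: bool = True   # asserted by the service that owns the data


def retention_decision(rec, today):
    """Return ('keep' | 'delete' | 'review', reason) for one record."""
    if rec.legal_hold:
        return "keep", "legal hold"                      # never auto-delete held data
    if rec.data_class not in RETENTION_DAYS:
        return "review", "unclassified data"             # unknown class: a human decides
    days = RETENTION_DAYS[rec.data_class]
    if days is None:
        # open-ended class: only the owning service's requirement matters
        return ("keep" if rec.still_required else "delete"), "service requirement"
    expired = today - rec.last_used > timedelta(days=days)
    if expired and not rec.still_required:
        return "delete", f"expired {days}-day retention"
    if expired:
        return "review", "expired but service still claims it"
    return "keep", "within retention"


def plan_cleanup(records, today):
    """Group record ids by decision so the result can drive deletion jobs."""
    plan = {"keep": [], "delete": [], "review": []}
    for rec in records:
        decision, _ = retention_decision(rec, today)
        plan[decision].append(rec.record_id)
    return plan


# Constructed sample inventory.
SAMPLE_RECORDS = [
    Record("r1", "customer_pii", date(2019, 1, 10), still_required=False),
    Record("r2", "payment_card", date(2021, 5, 20)),
    Record("r3", "access_log", date(2020, 6, 1), legal_hold=True),
    Record("r4", "contract", date(2018, 3, 3)),
    Record("r5", "customer_pii", date(2020, 1, 1)),
    Record("r6", "unknown_blob", date(2021, 1, 1), still_required=False),
]

if __name__ == "__main__":
    today = date(2021, 6, 1)
    for rec in SAMPLE_RECORDS:
        decision, reason = retention_decision(rec, today)
        print(f"{rec.record_id}: {decision:6} ({reason})")
    print(plan_cleanup(SAMPLE_RECORDS, today))
```

The "review" bucket is deliberate: a record that has outlived its retention period but is still claimed by a service, or that carries no data class at all, is exactly the kind of data that tends to accumulate, and it should be surfaced to an owner rather than silently kept or silently removed.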
Distributed growth of insider threats post-COVID
Continuing the discussion about best data practices, it’s important to ensure that users, regardless of their location, are only given access to data and systems that are relevant to their roles.
Bass from Flexential said insider threats are more real than ever, including cases where internal users unintentionally become a cybersecurity threat.
“The insider threat is more difficult to detect now with a remote workforce,” Bass said. “Fundamentally, this is an issue with data governance and employees having access to too much information. There is no way to eliminate the threat, but good data governance practices are essential to reduce the potential impact of an insider leaking data or causing damage to systems.”
Poorly secured cloud environments
Many companies recognize the need for cloud-friendly security infrastructure. But as organizations have accelerated their digital transformation and cloud-migration efforts beyond what they planned for, many have bypassed important cloud security features, leaving their cloud-based apps vulnerable.
Cutler from NetApp said the cloud requires better security treatment, especially in a few key areas.
“Although most organizations are now securing the cloud, cloud infrastructure, configurations, and SaaS continue to remain a blind spot for most businesses,” Cutler said. “Cloud is API-driven and can create situations where configurations change quickly and without visibility.”
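Cutler’s point that API-driven cloud configuration “can change quickly and without visibility” is usually addressed by recording a known-good baseline and diffing live snapshots against it. The following is an added example, not code from the article or from NetApp. It flattens two nested configuration documents into dotted paths, reports every difference, and ranks the ones that matter most for security (public access switched on, encryption removed, an ingress rule open to the whole internet). The configuration shape, the severity rules and the resource values are constructed assumptions; in practice the snapshot would come from the provider’s describe APIs and the baseline from version control.

```python
"""Detect configuration drift between a recorded baseline and a live snapshot.

Added example, not from the article or NetApp. The config shape and the
severity rules are constructed assumptions for illustration.
"""
from typing import Any


def flatten(obj: Any, prefix: str = "") -> dict:
    """Turn nested dicts/lists into {'a.b[0].c': value} so they can be compared."""
    out = {}
    if isinstance(obj, dict):
        for k, v in obj.items():
            out.update(flatten(v, f"{prefix}.{k}" if prefix else str(k)))
    elif isinstance(obj, list):
        for i, v in enumerate(obj):
            out.update(flatten(v, f"{prefix}[{i}]"))
    else:
        out[prefix] = obj
    return out


# Constructed rules: (substring of the path, predicate on the new value) -> "high".
# A value of None means the setting is absent from the snapshot.
HIGH_RISK = [
    ("public_access", lambda new: new is True),
    ("encryption", lambda new: new is None or new is False),
    ("cidr", lambda new: isinstance(new, str) and new.endswith("/0")),
    ("mfa", lambda new: new is False),
]


def classify(path: str, new_value: Any) -> str:
    """Severity of a change: 'high' if any risk rule matches, else 'low'."""
    for needle, risky in HIGH_RISK:
        if needle in path and risky(new_value):
            return "high"
    return "low"


def diff_config(baseline: dict, current: dict) -> list:
    """Return drift as (severity, path, old, new) tuples, high severity first."""
    b, c = flatten(baseline), flatten(current)
    drift = []
    for path in sorted(set(b) | set(c)):
        old, new = b.get(path), c.get(path)
        if old != new:
            drift.append((classify(path, new), path, old, new))
    drift.sort(key=lambda d: (d[0] != "high", d[1]))
    return drift


# Constructed baseline (what version control says) and live snapshot.
BASELINE = {
    "bucket": {"name": "payroll-exports", "public_access": False,
               "encryption": "aes256", "tags": {"owner": "finance"}},
    "security_group": {"ingress": [{"port": 443, "cidr": "10.0.0.0/8"}]},
}
CURRENT = {
    "bucket": {"name": "payroll-exports", "public_access": True,
               "encryption": "aes256", "tags": {"owner": "finance-ops"}},
    "security_group": {"ingress": [{"port": 443, "cidr": "10.0.0.0/8"},
                                   {"port": 22, "cidr": "0.0.0.0/0"}]},
}

if __name__ == "__main__":
    for severity, path, old, new in diff_config(BASELINE, CURRENT):
        print(f"[{severity}] {path}: {old!r} -> {new!r}")
```

List elements are compared by position, so reordering an ingress list shows up as drift even when the rule set is unchanged; normalizing such lists (for example, sorting rules by port and CIDR) before flattening is a reasonable refinement. The check is only as good as the cadence at which snapshots are taken, which is the visibility problem the quote describes.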
Incomplete post-attack investigations
Perhaps the most frequently overlooked cybersecurity threat is the possibility of another attack occurring immediately after an initial attack has been detected and stopped.
James Campbell, CEO and co-founder of Cado Security, a cloud-native digital forensics platform, said many companies don’t properly investigate security incidents, which often opens the door for major breaches down the road.
“The top cybersecurity mistake that enterprises make is not conducting a full proper forensic investigation,” Campbell said. “The sheer volume of incidents security experts have to deal with each day, coupled with the lack of automation, makes it an extremely hard task when it comes to striking the right balance between investigating enough and tackling the next problem. However, when organizations are not digging deep enough, they are more likely to miss something big that can cause significant damage.
“Ransomware attacks are a great example of this. Cyber attackers are known to execute repeat ransomware attacks, often because a proper forensics investigation was never completed the first time around. Security teams must take the time to investigate and retrace the attacker’s every move as well as identify how the attacker gained entry and how they were able to set up the ransomware distribution and execution. It’s also important to identify all accounts, systems, and credentials that were compromised and the method of exploitation, to ensure teams have resolved all vulnerabilities and completely removed the attacker’s access to prevent future compromise.”