This is of course due to the shell-shock year just passed, which I’m sure we are all glad to see the back of. As we enter 2021, we can put the stress felt over the past 12 months behind us, start to look ahead and ask how we can continue to protect our organisations and data.
It’s common knowledge now that cybercrime rates soared last March and continued to do so throughout the year. The most notable shift is that of remote working, where organisations were forced into setting employees up to work from home comfortably, efficiently and most importantly, securely.
Here’s what we think is in store for 2021 in the realm of cyber security, along with some key investment recommendations from our cyber security experts to keep your organisation secure this year.
2021 Cyber security trends
Take me to the cloud above
Cloud-based security and applications have been around for a long time now and many organisations would have already undergone some sort of cloud-based working integration. The events of last year put a real emphasis on the benefits of software-as-a-service, cloud storage and cloud-hosted processes. With the majority of workforces now dispersed and working remotely, organisations need to have solutions which are easy to use, quick to sync and update and ultimately allow flexibility.
In 2021, more organisations than ever will look to add cloud-based security solutions and services to make things a whole lot easier and improve their cyber security posture.
Death to the password
Already we are starting to see passwords replaced on the surface with multi-factor authentication. Two of my favourites are access to Office applications, which sends a push notification straight to my phone which can be approved in seconds, and access to Adobe applications, where you are asked to match a number given on-screen to a selection of numbers within your mobile app. This process is so refined now that it is often one touch and you’re in, with the added bonus of extra security.
Many cyberattacks are still caused by the exposure, or in some cases, guessing of passwords.
In October, a man claimed to have logged into Donald Trump’s Twitter account by correctly guessing his password to be “maga2020!”. The man shared screenshots on October 16th to back up claims.
When the news broke, the White House and Twitter denied the hack. However, in December, Dutch prosecutors who looked into the case have confirmed that it did actually happen.
Passwords will remain a staple for accessing sites, devices and applications, however with the shift to homeworking and the development of authentication solutions and services, many will see the benefits of enabling multi-factor authentication to access business applications.
More GDPR cases and tougher fines
This list wouldn’t be complete without a mention of the GDPR. Now having left the EU, the United Kingdom is set to adopt very similar legislation with perhaps a few minor changes. What we can say though is that more data privacy cases will enter the courts this year and tougher fines should be expected for breaching GDPR. In turn, this should mean that fewer breaches occur on an ongoing basis. Data privacy is a growing trend, not just in the UK and Europe but all across the globe.
Home is where the heart (of your organisation) is
Cybercriminals notoriously shift their method of attack to have the best possible chance of being successful. With employees now carrying out work practices from their homes, cyber-attacks have ramped up and are all the more deadly.
A growing trend in 2020 was the increase in social engineering attacks, where cybercriminals trick employees into carrying out malicious tasks to provide them with access to sensitive information. Fewer attacks these days are caused by back end vulnerabilities due to the skill and time it takes for a cybercriminal to gain access. It is much easier and more effective for a cybercriminal to pick up the phone, call your finance director for example and impersonate your CEO, asking for payment to be made urgently.
Unfortunately, this trend will continue to grow in 2021, and as a result, we believe the number of successful cyber attacks will be the highest on record yet.
Key investment recommendations
With our predicted cyber security trends for 2021 in mind, we have put together our key security investment recommendations to prepare to protect your organisation in the year ahead.
Security Awareness Training to protect home workers
Security technology is an excellent starting point to protect your organisation, however, it cannot be solely relied upon to keep you secure. From recent cybercrime statistics, we know that over 90% of modern-day cyber attacks leverage an employee to be successful. This ranges from attacking the employee with targeted spear phishing to deliver ransomware or other Malware, to socially engineering employees to carry out a malicious task or action such as making a false payment. When cybercriminals have you in their sights, there isn’t much you can do to fully stop them. Your employees are therefore your final line of defence and need to be seen as a working part of your IT security posture.
Providing staff with high-quality security training and regular testing is the best way to stop them from causing security incidents. This is supported by statistics from last year’s Cyber Security Breaches Survey which proved that Security Awareness Training and Testing was the go-to solution for businesses and charities who suffered a breach.
The market is now saturated with many offerings to achieve this, however, few are as easy to deploy and effective as our own Security Awareness Training and Testing service. What makes us different is the fact that we manage this for you, using our expert engineers who now have a combined experience of 50 years! We guarantee to save you time, costs, resources and deliver a more effective service as a result.
See how it works by visiting our Security Awareness page.
Free Coronavirus Phishing Scams Training
The pandemic continues to dominate headlines across the world. As the fight against the virus has developed, so have corresponding phishing scams. Now moving into the vaccination program, criminals have been creating scams around false vaccination notifications. These scams put your employees and organisation at risk.
Our Free Coronavoris Phishing Scams Training Module is an ideal, lightweight solution to bring your employees up-to-speed with the latest threats and training them so they don’t fall victim to an attack.
Register for the free course here.
Multi-factor authentication
As touched on in our predictions for cyber security trends, multi-factor authentication is rapidly growing in popularity. Strong passwords are a good base layer of security when protecting access to business systems and applications. However, the major downfall with passwords is that once they are obtained, the criminal has a window of access and often-times you are unaware when this has happened, making it incredibly difficult to protect against. Passwords are exposed mostly through targeted phishing attacks and breaches and are usually then sold on the Dark Web, where cybercriminals can easily purchase credentials.
This is why you need multi-factor authentication as a secondary layer of security. The added risk of staff working remotely means that it is even more essential to ensure that only those who can authenticate themselves can access your organisation’s systems and applications. With GDPR also now in full effect, your organisation needs an MFA solution to meet compliance.
We offer a range of multi-factor authentication solutions based on your organisation’s needs. Visit our sister site to find out more about our solutions or contact us today for more information.
Cisco cloud mailbox defence
If you are looking to move e-mail to the cloud, or are already relying on Office 365 by itself with no further protection in front or behind it, Cisco Cloud Mailbox Defence is essential for you.
This is NOT a huge investment of time or budget and really is ‘as easy as it claims to be’. Cloud Mailbox Defense is fully integrated into Office 365 for complete visibility into inbound, outbound, and internal messages. It addresses gaps in Office 365 e-mail security by detecting and blocking advanced e-mail threats with superior threat intelligence. There are no required changes to mail flow or added administrative overhead of altering Mail Exchanger (MX) records. Configuration is minimal and can be fully completed in less than five minutes.
Cloud Mailbox Defense is built on top of modern, open APIs to allow flexible integration into your organisation’s existing email, security, and incident response operations.
Augment native Microsoft 365 security with the superior threat intelligence from Cisco Talos, the industry-leading threat intelligence organisation.
If you would like to discuss how you are currently protecting Office 365 or would like to find out more about Cisco Cloud Mailbox Defence, please let us know.
360 Secure
Perhaps you are ready to say goodbye to the siloed approach of stacked security solutions such as endpoint protection, monitoring, detection and response. Disparate solutions can be cumbersome to manage and cannot scale appropriately to match the ever-changing threat landscape. An autonomous breach protection solution combines all of these elements into a single platform, making it the ultimate way to prevent and resolve a breach, should one occur. All of this is made possible with through a 24/7 Security Operations Centre (SOC); a team of experts who know your IT infrastructure inside-out and can immediately deal with any malicious activity that may threaten your organisation.
Look no further than Cynet for 360-degree protection. On top of this, Cynet offers an exceptional, free incident response service when you need it most. If your organisation has suffered a breach, we highly recommend that you utilise this free service.
For more information on Cynet and their free incident response, click here or contact us.
Cloud Access Security Broker (CASB)
Approved access to cloud applications is essential in today’s changing working environments, even more relevant with the recent influx of necessitated remote workers. With more users working away from the secure office networks, the access to cloud-based “shadow IT” has exploded in use and is set to continue growing throughout 2021.
Users are now finding a multitude of cloud solutions to communicate and share information on that they see as necessary to enable them to continue to provide the high levels of performance they did in an IT secured location.
Without visibility of the access and utilisation of these services, the threat of advance malware, data security and malicious or accidental insider access is on the rise. The usage of Social Media, data storage and CRM’s is un-managed and un-monitored and can be easily abused or put your organisation’s critical data and reputation at risk.
A Cloud Access Security Broker (CASB) solution gives an organisation the ability to discover, analyse, secure and manage cloud activity. This is regardless of whether the user is on the corporate network or working remotely.
Our Web Security solution provides protection for roaming, personal (BYOD) and guest devices with zero-touch configuration. With no requirement to proxy web traffic, your users are guaranteed ultra-fast response times.
Our CASB services are proven to provide:
- Visibility – This is the cornerstone of cloud security. You can’t secure what you don’t know.
- Compliance – As more data is moved to the cloud, organisations must comply with many regulations such as PCI DSS, GDPR and HIPAA.
- Data Security – Scan files on upload and change the specific content using DLP templates.
- Threat Protection – Cloud apps are being targeted with increasing sophistication and volume. Malicious or suspicious user activity can be tracked, identified and managed.
For more information on CASB solutions, visit our sister site or contact us.
