IT Solutions

Cybercriminals Selectively Choosing 2021 Attack Targets

Articles
January 21, 2021

Last year was a great success for cybercriminals, with more than 100 massive, successful, and highly lucrative cyberattacks against public and private entities. These were in addition to the massive Russian SolarWinds “mega breach” attack on U.S. companies and government agencies that hit the news in December (but had been ongoing since March).

Even the largest firms have not been immune, with Intel having 20GB of its most sensitive corporate data published online and Google experiencing one of the largest Distributed Denial of Service (DDoS) attacks ever recorded. (A DDOS attack is one in which the perpetrator floods the company with so much incoming traffic that it is effectively impossible to block the attack). Furthermore, an untold number of successful attacks were never detected.

These attacks have been extremely malicious in nature, with cybercriminals stealing massive amounts of data and often holding it hostage for ransom with devastating consequences. Research firm Cybersecurity Ventures reports that global ransomware damage costs would reach $20 Billion by 2021 (57 times greater than damage costs in 2015), with a business being attacked every 11 seconds.

So where does that leave us? Unfortunately, cyberattackers have been emboldened by their success and are only accelerating their efforts. They are fine-tuning their plans, focusing on lucrative targets they perceive as low-hanging fruit. So serious is the threat that ITS is offering a webinar on Security as a Service, a multi-layered, multi-faceted approach to mitigating threats and defending against the most complex attacks.

The Dangers You’re Facing Right Now 

Now that we have your attention, let’s talk about mitigating the danger. As noted above, cybercriminals have stopped taking a “broad strokes” approach. With surgical precision, they identify the attack vectors most likely to result in a successful outcome. This is extremely disconcerting, because many business leaders and their workers are still putting their firms at risk. (We could spend paragraphs citing evidence, but we think this one sums it up. In 2020, the #1 password was 123456. Running a close second was 123456789.)

Security researchers have been following Dark Web chatter and other information streams to identify cybercriminals’ most likely targets for 2021. Two of them are technology environments that companies have been adopting at a feverish pace. We dug into our own research as well as historical material on these solutions to give you this important update.

Remote Workplaces (and other remote solutions)

IT decision makers are reporting they plan to double their permanent remote workforce in 2021 (34.4% versus 16.4% before the COVID-19 outbreak) because they have discovered that remote workers are more productive than those working in an office.

Productivity is great, but this approach also expands corporate attack surfaces and cybercriminals are positively salivating! We recommend any company maintaining or expanding its remote workforce in 2021 take a “cybersecurity checkup.” (Not sure where to find one? Give us a call. )

Cloud Computing 

Cloud solutions are widely known to facilitate application development, information storage and sharing, and other technology benefits. It’s also common knowledge that security isn’t automatic. In 2021, researchers expect to see attacks on Kubernetes, a technology that “containerizes” cloud applications, AWS Sage Maker, a data-sharing tool popular with scientists, and other cloud-based solutions.

Also, Phishing remains a significant threat, with attackers leveraging user interest in current news, from COVID-19 to stimulus checks, to conduct successful campaigns.

Due to the many threats that companies face, we hope 2021 becomes the year when all company decision makers make cybersecurity a top priority. We cannot stress enough the importance of cybersecurity education for both users and executives. At the minimum, everyone should be able to do three things:

  1. Discern what is real from what is fake.
  2. Verify whether a source is credible.
  3. Authenticate information they are not personally certain is true.

Beyond that, businesses must ensure their systems are up to date and defenses are as strong as possible.  To kick start 2021, please watch our Security as a Service webinar that took place on January 20th 2021.

Have Questions?

We’ve got answers — fast, clear, and tailored to your needs. Let’s talk tech.