From ransomware to supply chain breaches, organizations face a wide range of security threats. In 2021, cybersecurity will be critical as criminals become increasingly creative and ingenious.
Expanding cyberattack surface
Remote work, supply chains and the Internet of Things have brought an expanding cyber attack surface. 2021 will see continued threats and responses from these entry points.
Remote work has become the norm for many companies, especially since the lockdowns of the 2020 pandemic. This workplace shift has increased vulnerabilities as employees rely on less secure home-based computers and devices.
Cyber attacks are increasing as workers stay home. The United States Department of Health and Human Services found that in 2020, security breaches increased by 50 percent in the health care sector. For example, employees may receive fraudulent emails requesting passwords or other sensitive information. Employee awareness is a critical ingredient in preventing security breaches in the remote workplace.
Internet of things
The Internet of things (IoT) has brought numerous attack surfaces to homes and businesses. IoT devices, such as cameras and storage devices, usually lack the storage space and processing capabilities needed for security applications.
Each IoT device represents a potential entry point for various threats, including identity theft, data theft, malware and passive wiretapping. A criminal can collect sensitive data for months without being detected.
The IoT Cybersecurity Improvement Act is an important step in tightening IoT security. Signed into law in December 2020, the Act requires manufacturers to equip devices with minimum security protections.
Cybercriminals have discovered that they can use supply chains to launch their attacks. The increasing number of IoT endpoints is especially problematic. Even the largest, most secure organization is vulnerable if its vendors lack protection. With just one click at a vendor’s entry point, a criminal can access your networks.
To prevent supply chain breaches, organizations must include security requirements in their contracts with vendors. A security team must work with the vendor to address vulnerabilities. Additional measures include strict inspections and authentication codes for software purchases.
Ransomware is a cyber weapon of choice
Ransomware is a debilitating form of malware that shuts users and administrators out of important networks and databases. An attack will include a ransom note from the actors. The healthcare sector is a common target, with criminals selling sensitive patient information. In 2021, targeted industries may consist of education, mining, transportation and energy.
Sensitive databases and other critical systems often undergo the highest-priority vulnerability scans in an organization. However, criminals often launch ransomware attacks through printers and other low-priority devices.
Protective measures against ransomware attacks include software updates, network patches and employee awareness of email phishing schemes.
Threats against critical infrastructure
The push toward efficiency has brought new security risks to government, energy, agriculture and other critical infrastructure sectors. As organizations merge their operational technology (OT) and informational technology (IT), cybercriminals are discovering new entry points. IT supports business functions such as billing and emails, while OT includes critical industrial control systems (ICS). Compromised OT puts critical infrastructure at risk.
OT-IT convergence has increased efficiency at a high price. Older OT systems are now linked to the Internet with outdated and insufficient cybersecurity. Criminals can easily access ICS and take over critical infrastructure. Results include denial of service attacks, equipment malfunctions and other devastating disruptions.
Organizations are recognizing the connection between physical and cybersecurity. The United States Department of Homeland Security (DHS) is partnering with sector-specific agencies to protect critical infrastructure from cyber attacks. Federal and private agencies analyze threats and vulnerabilities and respond to cyber incidents.
Holistic cybersecurity solutions
The best protection against cyber threats is an expert cybersecurity provider. KME Systems has a skilled staff that provides protection and support. Contact us today to learn about our holistic cybersecurity solutions.