Exclusive: Five trends in enterprise security attacks
Cybersecurity is an ever-changing field and this past year has been one full of change. The COVID-19 pandemic coincided with a cybercrime outbreak that will likely have lingering effects well into this year. Enterprises hoping to stay safe need to remain on top of this developing situation.
Some cyberattack trends have already started to emerge for this year. Businesses of all sizes should recognise what these rising threats are so they can work to prevent them. In that spirit, here are five enterprise security attack trends for 2021.
As more companies embraced remote work, they moved much of their data and processes to the cloud. Cybercriminals were quick to take advantage of this opportunity, targeting clouds before enterprises could establish sufficient security.
According to one report, attacks on cloud services rose by a stunning 630% in the first quarter of 2020.
Many companies have expressed plans to continue enabling their employees to work from home. As a result, this trend of cloud-targeted attacks will likely continue throughout 2021. Businesses that don’t secure their cloud deployments will be at increased risk, especially as they move more sensitive data to the cloud.
Phishing is far from a new attack method, but it saw a substantial rise last year. The COVID-19 pandemic provides a golden opportunity for cybercriminals, as they can impersonate medical authorities or government agencies to draw sensitive information from employees. The rise in authentic vaccination sign-ups and government programs makes these schemes more believable.
The work-from-home movement also contributes to the rise in phishing attempts. Workers may feel more at ease in their homes than in the office, so they let their guard down. Employees who would otherwise be vigilant about cyber threats may be too distracted or comfortable to spot a phishing attempt.
As more enterprises embrace the Internet of Things (IoT), they often unknowingly increase their attack surface. More endpoints on a network mean more potential entryways, and companies may overlook the security of these devices since they don’t resemble traditional IT infrastructure. Since these devices bring IT and physical systems together, they also expand what cyberattacks can do.
For example, some electric gates feature automatic access control systems, which can sometimes include IoT connectivity. If a cybercriminal hacked into this access system, they could open the gate, giving them physical access to a property. While the IoT brings several benefits to companies, securing it is a must.
Ransomware attacks also grew in the past year and will likely continue to grow in 2021. By September 2020, IBM Security X-Force said that one in four attacks they had addressed that year came from ransomware. Cybercriminals know that data is becoming more valuable to companies, making ransomware a more effective attack method.
Many companies have loosened their access controls to make the transition to work-from-home smoother. This trend has created new vulnerabilities for cybercriminals to infiltrate networks and steal or encrypt sensitive data. As companies gather more consumer information, these attacks become more threatening.
As cybercrime has increased over the year, the number of credentials available on the dark web has steadily risen. With data breaches becoming more common, this will only continue, giving rise to more credential stuffing attacks. Enterprises should look out for these in 2021, especially given the rise of remote work.
Remote employees need to enter credentials to access company systems and many people reuse passwords. Consequently, a hacker with a list of potential passwords from earlier breaches could access these networks with little time and effort. 2020 saw its fair share of these attacks and 2021 will likely experience more of the same.
Tips for stopping these attacks
These trends are troubling, but businesses can take action to defend against them. Companies that have recently moved to the cloud should ensure their security solution is compatible with it. Cross-platform compatibility will ensure all remote workers stay safe, regardless of their individual device or browser.
The best defence against phishing attacks is to train employees to spot scam attempts. Role-based access controls will help mitigate the impact if someone falls for these schemes. When employees can only access what they need, stolen credentials won’t let hackers infiltrate the entire network. Since email phishing is the most common entry point for ransomware attacks, these steps will also fight ransomware.
Many IoT devices don’t come with much built-in security, but enterprises can still secure them. Hosting them on a separate network from critical workflows and data ensures hackers can’t use them to access more sensitive information. Using strong, unique passwords instead of defaults for these devices will further protect them.
Using varied passwords will also reduce the likelihood of a successful credential stuffing attack. Dark web monitoring can alert users if someone has stolen their credentials so they can change their passwords.
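On the detection side, credential stuffing leaves a recognisable pattern in login logs: one source tries many different accounts and almost all attempts fail, except for the users who reused a breached password. The following is an added example, not part of the original article; the log format, the sample lines and the thresholds are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample auth log: "timestamp source_ip username result"
SAMPLE_LOG = """\
2021-03-01T09:00:01Z 203.0.113.7 alice FAIL
2021-03-01T09:00:02Z 203.0.113.7 bob FAIL
2021-03-01T09:00:03Z 203.0.113.7 carol FAIL
2021-03-01T09:00:04Z 203.0.113.7 dave OK
2021-03-01T09:00:05Z 203.0.113.7 erin FAIL
2021-03-01T09:00:06Z 203.0.113.7 frank FAIL
2021-03-01T09:05:10Z 198.51.100.20 bob FAIL
2021-03-01T09:05:20Z 198.51.100.20 bob FAIL
2021-03-01T09:05:31Z 198.51.100.20 bob OK
2021-03-01T09:10:00Z 192.0.2.50 alice OK
2021-03-01T09:11:00Z 192.0.2.50 carol OK
2021-03-01T09:12:00Z 192.0.2.50 erin OK
2021-03-01T09:13:00Z 192.0.2.50 frank OK
2021-03-01T09:14:00Z 192.0.2.50 bob OK
"""


def find_stuffing(log_text, min_accounts=5, max_success_ratio=0.2):
    """Flag sources that try many distinct accounts and mostly fail.

    A user mistyping a password hits one account; a shared office address
    hits many accounts but mostly succeeds. Only a source replaying a
    breached credential list shows both breadth and a low success ratio.
    Thresholds are illustrative assumptions, not recommended values.
    """
    attempts = defaultdict(list)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        _ts, ip, user, result = line.split()
        attempts[ip].append((user, result == "OK"))

    findings = {}
    for ip, events in attempts.items():
        users = {user for user, _ in events}
        ratio = sum(ok for _, ok in events) / len(events)
        if len(users) >= min_accounts and ratio <= max_success_ratio:
            # Successful logins from a flagged source are likely reused passwords.
            hits = sorted({user for user, ok in events if ok})
            findings[ip] = {"accounts_tried": len(users), "compromised": hits}
    return findings


if __name__ == "__main__":
    print(find_stuffing(SAMPLE_LOG))
```

Accounts listed under `compromised` logged in successfully from a flagged source, so those are the passwords to reset first.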
Keeper can help enterprises in all of these areas. PC Mag named Keeper the Best Password Manager in 2018, 2019 and 2020. As such, Keeper can ensure employees don’t have weak or repeated credentials, mitigating these attacks.
Keeper works across multiple platforms and offers role-based enforcement policies and dark web scans. Getting all these features from one service improves security while minimising the number of third parties companies work with.
Stay safe this year and beyond
2020 was a year of skyrocketing cyber-threats and 2021 will likely push that trend further. If companies understand these threats and know how to mitigate them, there’s no cause for alarm. With the right defences, any business can stay safe from these attacks.
Devin Partida is a technology writer and the Editor-in-Chief of the digital magazine, ReHack.com. To read more from Devin, check out the site.