While you’ve been busy managing your workforce and the pandemic, cybercriminals have been devising new ways to steal your data and take your money.
Businesses have learned much more about cybersecurity over the past year. That’s the good news. The not-so-good news? So have cybercriminals. New threats are ahead in 2021, but you can prepare now to protect your data and your company.
While no one can say for sure what the future will bring, experts predict a few concerns you can focus on:
- Time hacks. Infrastructure protocols have been common targets for hackers, and organizations have worked to develop and implement toolsets to help manage, configure, and secure these. In 2021, we are likely to see new vulnerabilities and more hackers targeting time servers and other legacy protocol services. When attacks on these are coupled with ransomware, this can make recovery very difficult.
- Attacks involving machine learning data. Expect more hackers seeking to steal copies of original training data and manipulating the models by injecting poisoned data. When this happens, you end up with a system that has learned something it shouldn’t. This can destroy the integrity of otherwise legitimately processed data. These attacks and subsequent data manipulation are likely to be accompanied by a ransom note offering to restore the original data for a price.
- Weaponizing artificial intelligence (AI). Increasingly watch for threat actors to leverage AL to step up attacks on networks and systems. Using data from successful attacks, machine learning systems can identify vulnerabilities found in similar ones. However, while you’re using data from the past to prepare for the future, so are cybercriminals. They’ll be using data to zero in on entry points in systems so they can get in more quickly and with greater stealth. The will target fewer vulnerabilities with each attack, thus avoiding tools that need a specific volume of activity to detect wrongdoings.
- Deepfake deceptions. Pretty much everyone has heard about deepfake videos, photos, and audios that make it look like someone is doing or saying something they’re not. However, despite the awareness, there are new products that can integrate deepfake technology into intelligence-based voiceovers and enable people (celebrities, business leaders, political figures, etc.) to appear in new fake videos and films. Expect a fresh wave of more sophisticated deepfakes in 2021. Teach your employees to be skeptical about questionable things they see or hear and to seek facts from a credible source.
- Home-based cyberattacks. You knew this was coming. With more employees working remotely, cybersecurity weaknesses can appear and be exploited more easily. Despite their diligence, remote workers can let their cybersecurity guard down and become laxer about security. At the same time, they may be distracted by kids, pets, and other family and home responsibilities. Cybercriminals know this and have stepped up social engineering and ransomware attacks. Remote workers also are more likely to use personal devices and wifi that aren’t as secure as those they use at work. This is a good time to retrain employees about phishing and other cyber vulnerabilities they need to be alert to.
- Social media attacks. Poor authentication and verification practices can enable social media attacks. For instance, a hacker can post about a webinar and steal information or get into your system when one of your employee signs up and shares their email or other data.
- Compromised human identities. While this is more common with celebrities and public figures, cybercriminals will be increasing efforts to target and steal private personal data. They then will use this for bribery or extortion.
As the number and cost of as well as damage from breaches increase, more organizations will need to carry comprehensive cyber insurance to manage risk. Moving ahead, engage your IT teams regularly; and even as the pandemic rages on, take time to train employees and remind them of the potential dangers and disasters related to cybercrime. This includes simple things such as reminding them not to open emails from unfamiliar or suspicious addresses and URLs.