October 5, 2020

Cyber Security: What You Should Know to Prepare for 2021

121 likes

2020 has been a whirlwind year to say the least. It leaves many of us wondering, what is coming next? The introduction of exciting new technologies, flexible work environments, and a high demand for cyber security experts may all seem great at first, but let’s take a moment to reflect on the challenges these trends may bring to cyber security. In this blog post, we share what to expect for cyber security in the coming year and some tips on how to prepare. 


 

The cloud will be a top ransomware target.  

Gartner predicts that the total worldwide public cloud market will reach $331.2 billion by 2022. With Covid-19 still lurking around and businesses promoting remote work, DaaS will remain an inexpensive option for providing access to enterprise applications and data to employees from their devices anywhere with a strong internet connection.  

We are likely to see a rise in CDC compliant SaaS solutions that are quickly deployed, are reliable and offer medical support tools that can be accessed by staff working from anywhere in the world. They will allow to scale large call volumes of infected individuals, and relieve healthcare workers to make informed, critical decisions fast. If you haven’t considered cloud enablement for your business yet, discover the opportunities for growth now.

Meanwhile, you should be aware of some of the top threats to a cloud’s vulnerabilities without an effective cyber security strategy in place. But don’t worry, reach out to us and we’ll be glad to consult you on the best course of action to protect your business from any cyber-attack.
 

  • Cloud cryptojacking is a process in which a hacker stealthily gains access to an organization’s API keys through their files and code and after gaining access to the cloud services, uses CPU resources for cryptomining. IT teams should closely monitor CPU usage to observe any suspicious increase – an automated script can be set up to notify when usage is above the threshold limit. The hacker will usually insert a cryptominer through a malicious link in an email or inject a script into a browser ad, that when clicked will autoexecute JavaScript code on the victim’s device, giving them an entryway to steal sensitive information. Of course, businesses should always ensure that their staff undergo regular security trainings, and practice good cyber hygiene – efforts which are often overlooked and go a long way.
     
  • Credential stuffing is a type of brute-force attack that hijacks accounts through proliferation of microservices and containers. Setting rate limits for authentication attempts might not protect you, as hackers can slow down the rate of submit requests with automated scripts or use bots to infiltrate. Businesses should implement continuous monitoring for changes in site traffic, multi-factor authentication, as well as consider setting up risk-based authentication (RBA) which calculates a risk score based on a set of rules and allows for customizable password security.
     
  • Server-side request forgery (SSRF) is when a hacker gains access to a server’s functionality with aims to manipulate its internal resources. Hackers are able to compromise all logs, credentials and critical data that is stored in the cloud’s infrastructure. A further approach they can take is executing an API call to gain higher privileges. Make sure to validate user supplied URLs and allow only target hosts your organization trusts.
     
  • Misconfiguration is when an organization incorrectly sets up and manages information assets. This can involve giving excessive permissions; keeping default credentials; disabling standard security controls; using insecure data storage containers all decreasing the safety of data in the public cloud. Organizations should run continuous assessments, automate in CI/CD to prevent human error, and think whether database encryption is needed.

     

5G will pose new security threats.

More telecommunication companies are introducing 5G and everyone’s excited to reap the speed and responsiveness, pushing aside the potential risks of cyber-attacks. 5G is dynamic and its many traffic routing points need to be constantly monitored – large, unsecure areas like malls, hotels and airports will be a challenge to offer a secure network. With the hype around 5G, the higher production of low-end IoT devices that don’t prioritize security also means more breach points and opportunities for hackers to access smart home devices such as door locks, speakers, TV’s, speakers and thermostats.  

Also, the encryption keys for the radio interfaces which are generated in the home core network and transmitted to the visited radio network over signaling links can leak out leading to an exposure in the network for hackers to tap into. Although introducing firewalls may help to a degree, secure key management protocols is still a challenge that 5G networks will have to face. To read more on the topic, check out our article, 5G Network Dangers: Myth or Reality? For now, there isn’t too much to stress about, but it’s a good idea to start educating ourselves on the possible 5G vulnerabilities that exist. The table below lists various 5G security threats, potential targets and affected network segments.


Source: Security for 5G and Beyond, IEEE Communications Surveys & Tutorials

 

We will see a rise in breaches during remote work.

The demand for remote work will increase by 30% by 2030, according to a recent Gartner studyWith more remote work policies being set in place due to the pandemic, businesses must assess any security gaps that are present when employees are working outside the office. There must be network perimeter security set in place, and a clear strategy on how to protect the organization’s sensitive data.

 

The cyber security skills gap will widen. 

Each day, cybercriminals are discovering new technologies and methods to target their victims with. That’s 230,000 new malware samples a day to be exact, and that figure is growing, according to PurpleSecAnd although hackers are getting smarter in their attacks, and there is a high demand for cyber security experts, we do not have enough to fill the increasing demand.

Many studies have estimated that by 2021, the cyber security skills gap will reach 3.5 million unfilled positions. Now more than ever, businesses will need to turn to a trusted technology partner they can rely on to protect their sensitive data. Check out how Scalefocus can help with our wide range of security engineering services.

Let’s fight cybercrime together.

We hope you found this post insightful, and that it has shone the light on some key developments that are approaching cyber security in 2021. And hey, it’s not all frightening news and anxiety ahead for businesses that take action against cybercrime. With the right technology partner by your side, even the most determined hackers will be spooked and thwarted.  

Let’s join forces to protect and ensure your organization’s assets are safe and growing. Reach out to our Cyber Security Experts to book a complete software audit and plan an effective cyber security strategy for the future.