2020 is behind us, and while COVID-19 was the biggest threat on the radar for most businesses, cybercrime had its biggest year ever, costing Australian businesses over $1 billion.
Businesses are now more reliant than ever on IT and technology and while this brings new and exciting opportunities for growth and profitability, it also brings more exposure to cyberthreats.
How did you get hacked? This is how.
Cybersecurity must be the top priority for all Australian businesses in 2021.
It is predicted that cybercrime will increase by 15% this year, and within 5 years will cost the world economy $10.5 trillion USD annually.
Given the grim predictions, no business can afford to ignore the rising threat. Aside from the risk of data loss and business downtime, mandatory data breach disclosure laws mean your reputation may be damaged in the event of a hack.
Every business needs a cybersecurity plan, which must include end-user training as well as adequate protection for its networks and devices.
COVID-19 and Cybersecurity
2020 saw an influx of attempted compromises associated with COVID-19. Attack themes and contributing factors included:
- Links to fake products
- Phishing using fake and alarming news stories
- A huge increase in BYOD in business
- New remote working practices
- Businesses entering the digital space for the first time.
Hackers took advantage of public fear by using COVID-19 themed social engineering.
An increase in the prevalence of commodity malware through ransomware-as-a-service has also contributed to increased activity from a wider group of criminal actors.
As IT professionals scrambled to secure networks while coping with a sudden requirement to support an entirely remote workforce, the cybersecurity education of end-users frequently fell through the gaps, leading to an uptick in social-engineering exploits.
In 2021, cyber threats will increase
- Working from home is the new normal for many businesses, but the transition is often made without enterprise-grade security.
- The vaccine rollout is anticipated to be another key theme for scams that target people with fake websites and faux cures.
- There will be a rise in threats in 2021, including malware, ransomware, spyware, adware and scareware.
- Ransomware alone is estimated to have cost $20 billion globally in 2020 and will become even more creative and damaging to motivate payment. Educating end-users is the best defence against these attacks.
Financial services are going to be targeted
- As seen by the fake Zoom invite that forced Sydney hedge fund Levitas to shut up shop, financial services and banks are going to continue to be targeted by cyber-criminals.
- Financial services organisations in particular need to mitigate risk by employing containerisation and compartmentalisation of systems, especially for financial and payment systems.
Public Cloud vulnerabilities will be exploited
- The cyber threat landscape is always changing and legacy security services are going to be vulnerable targets for cyber-breaches. Organisations should review existing security-related arrangements, ensuring services are compliant with the newest regulations and standards.
- Hackers will increasingly target and exploit vulnerabilities in public cloud service providers (Azure, AWS) and businesses should look very carefully at their service agreements including their policies on breach reporting.
- Misconfigurations of cloud servers will become among the highest causes of data breaches. While cloud infrastructure tends to be very secure, customers still need to implement cybersecurity features. Businesses should be aware of best practices and make sure all cloud services are secured before going live.
Identity theft will grow
- The push towards total digital means that there is a greater risk of identity theft.
- Organisations that handle identity data will be targets for hackers.
- Individuals should only store personal data they absolutely have to and make sure data is encrypted at rest and in transit.
- Individuals should be aware of what personal information they make available publicly on LinkedIn.
The Internet-of-things will continue to be a target
- IoT devices from cameras to smart light bulbs are an ideal target for hackers who co-opt compromised devices into botnets.
- Many IoT devices are very susceptible to attack as they do not have robust security (or any security) in place.
- Millions of new consumer electronic devices come online each year, from gaming consoles to smart TVs, all of which could potentially be in danger.