• Jolene xu

Emerging Cyber Security threats in 2021 and how to prepare for it

As we approach 2021, our society and economy continue to embrace digital transformation as the covid-19 crisis force businesses to adapt to new and evolving cyber security threats, while countless employees suddenly found themselves working from home.

Organizations need to invest in a comprehensive cyber protection solution that keeps their data security one step ahead as cyber threats becomes relentless, targeted and disruptive involving malware, phishing, machine learning and artificial intelligence, cryptocurrency and more.

Fortune favours the prepared, so let us look at these threats and how to prepare yourselves:

1. Insider Attacks

Insider threat is not new; however, it is growing more sophisticated and aggressive. The risk could come from an employee, former employees, contractors or even associates.

Furthermore, with employees working from home and no longer accessing resources from inside the organization’s network, they are getting involved in data leaks intentionally or by accident.

Verizon’s report tells that 57% of information leaks involve insider threats, and 15% of leaks are a consequence of misuse of privileges.

Some steps can be taken before a new insider attack:

· Check employee background before hiring

· Monitor employee behaviour

· Educate and train employees

· Control third-party access

How else can we prepare for it?

One way is by deploying Senhasegura, a Privileged Access Management (PAM) solution that allows you to control access to specific accounts, store all access records for auditing purposes and analyze user actions in real-time that generates alerts about unusual activities. This lets us identify insider attacks much faster and more efficiently.

2. Phishing attacks

Now that more are aware of the dangers of email phishing or of clicking on suspicious-looking links, hackers are using machine learning to create and share convincing fake messages in the hopes that recipients will unintentionally compromise their organization’s networks and data.

CSO finds that phishing attacks account for more than 80% of reported security incidents and 94% of malware is delivered via email.

It gets more sophisticated as targeted digital messages are spread to trick people into clicking on a link that installs malware or expose sensitive data.

For example, you might get an email from Apple stating that your Apple account is kept on hold for security reasons, and the email will instruct you to type in your login credentials in order to restore your account. These attacks enable hackers to steal user logins, credit card credentials and other types of personal financial information, plus gain access to private databases.

A solution that can detect phishing in emails is RedSift’s OnINBOX. It shows real-time warnings by colour-coding the top of every email’s content from an automated security scan that breaks down the trustworthiness of a sender:

A for Authentication: emails are evaluated by security protocols the sender has in place. The stronger their security, the lower the risk of being spoofed by a familiar partner, supplier or other contact in your supply chain.
C for Content: All content in emails are scanned to highlight hidden signals that might cause harm, like malicious URLs or a hijacked domain. OnINBOX's advanced machine learning can spot non-technical threats with social-intelligence by analyzing human language and behaviour. So your employees don’t have to.
T for Trust: OnINBOX learns about the way users interact with people to identify threats and build a personalized trust network.

3. Mobile Breaches

Mobile security is at the top of every company's priority — and for good reason: Covid-19 has spurred businesses to allow employees to use their devices to Work From Home, and many to access corporate data from smartphones.

While smartphones, tablets and other small connected devices such as webcams and smart watches — commonly known as the Internet of Things (IoT) — allow companies to save money and streamline business processes, they also bring a new risk because they generally do not have consistent software updates, which makes them vulnerable to cyber attacks and infections.

According to an IBM study, we are 3 times more likely to respond to a phishing attack on a mobile device than a desktop, partly because people are more likely to see a message on the phone first.

What’s more, It's not just email anymore. A security firm, Wandera, stated in its latest mobile threat report that 83% of phishing attacks this year occurred in text messages or in apps like Facebook Messenger and WhatsApp, mobile games and social media platforms.