Cybersecurity and cyber risk management trends 2021

Top Cyber Security and Cyber Risk Management Trends 2021

Now that we are in the second half of 2021 we can present a number of trends which have characterised the year so far. Covid-19 and remote working are still the central forces shaping the way organisations operate.

Impact of the sudden shift to Remote Working

Over the past months there has been a shift to remote work, with major implications for the cybersecurity space. For the vast majority of organisations the decision to work from home was unplanned, forcing expedited migrations and rushed procurement of IT software and hardware.

This new remote working landscape created new threats: new vulnerabilities, new attack surfaces that were not covered by traditional security policies, and greater scope for human error. It seems that remote work isn't going anywhere post-pandemic, and a number of organisations have already launched hybrid ways of working with a good dose of remote working.

Businesses need to analyse and assess their existing security infrastructure, especially any areas that were left unattended during the abrupt shift to remote work. The resulting changes need to become an integral part of the long-term way of doing business.

Vulnerability assessments of setups, penetration tests of systems and web applications, and workforce cyber awareness training need to be planned and executed. Policies need to be updated and communicated organisation-wide.

The evolution of Ransomware

Over the past few years ransomware has consistently been the most common threat to organisations' data security. During 2021 this threat became both more common and more sophisticated. Ransomware attacks resulted in sensitive data being stolen and hefty sums being spent to recover from such attacks, not to mention quasi-irreparable reputational damage.

During the first months of the year a clear shift towards extortion attacks emerged, whereby attackers steal important data, encrypt it and then blackmail the company, threatening to release the data if the ransom demanded is not paid in full. The two sides of the coin are the burden of the ransom payment and the threat of having your core data exposed. The most common entry vector for ransomware in 2021 was definitely phishing, and phishing numbers are ramping up significantly.

We have noticed that organisations are starting to shift from the more traditional VPN to ZTNA (Zero-Trust Network Access) to control remote access to sensitive data. Industry professionals foresee that within the next two to three years two-thirds of businesses will have transitioned to ZTNA.

Multi-Factor Authentication is the way to go

Having a password is a basic cyber security practice, but not a safe enough one in this day and age. Organisations are adopting multi-factor authentication (MFA) to add a further layer of defence against malicious attacks.

MFA comes in different forms, the most commonly used being a one-time passcode sent via SMS. The risk in such cases is that SMS messages are not encrypted. Application-based MFA has gained momentum, with the likes of Google Authenticator or Microsoft Authenticator being used to generate passcodes that expire after a few seconds.

Cloud Services – a favourite target for attacks

The Covid-19 pandemic substantially accelerated the already fast and widespread adoption of cloud-based services. The trend will only continue to grow as more organisations opt for cloud-hosted products and infrastructure. Cloud services undoubtedly offer a vast array of advantages such as scalability, reduced costs and efficiency, but they are also a top target for cyber criminals.

The number-one vulnerability leading to data breaches is misconfiguration. Organisations adopting the cloud model need to understand the shared responsibility paradigm and ensure all configurations are correctly set up and maintained.

Covid-19 focused Phishing attacks

Everyone is keen to know more about Covid-19, related vaccine information and the health authorities' instructions. Unfortunately, this has led to a dramatic increase in email phishing attacks tied to the subject. In typical phishing emails the attackers impersonate the health authorities, sending vaccine appointments and the latest news updates. Organisations need to educate their workforce, deploy strong mail filters and implement identity management services to stop the circulation of such malicious emails.

Cyber security professionals are a scarcity

Cyber security is still a maturing discipline and the number of available professionals is a far cry from the actual demand. During 2021 there was a sharp increase in the need for Chief Information Security Officers. Such roles are important for aligning security operations with the overarching business strategy of an organisation. Not having the right cybersecurity professionals deployed in your teams drastically reduces the confidence of business leaders. CISOs pinpoint risks, create and articulate plans for mitigating and managing them, and serve as a bridge between business and technology.

In conclusion, an emerging trend which has been popular in 2021 so far is breach and attack simulation, during which gaps in an organisation's defences are detected and identified before a possible incident occurs. It is gaining popularity because it validates a company's security posture using real-life threat scenarios.

Always be proactive, and create a safer working environment. Speak to us today!

Francesco Mifsud

I live and breathe cyber security and everything else in the discipline. With around a decade of experience in the industry I have had the opportunity to develop skills in penetration testing, cloud security, reverse engineering and exploit development, application security engineering, management and organisation-wide cyber security strategy. I hold a well-rounded set of security certifications such as OSCP, eWPTX and CISSP and have delivered training and workshops at some of the most prestigious hacking conferences such as DEF CON, BRU CON, BSides London and BSides Manchester.