Cybersecurity; What should concern us in 2021?
Cybersecurity; What Should Concern Us in 2021?
The coronavirus pandemic forced the acceleration of digital transformation processes, but it has also made clear the importance of cybersecurity and the new challenges we are facing.
Almost every week, we witness how different types of companies are victims of some cybercrime. This time, the main focus of the headlines has been the University of Castilla la Mancha (a Spanish university) and The Phone House company (a cell phone selling European company), each one having suffered ransomware attacks.
In recent months, ransomware is undoubtedly taking a leading role, with several more-than-notorious attacks. But this 2021 entails more concerns regarding network security.
As Gartner explains in their report "Top Trends in Security and Risk Management for 2021", security and company risk management leaders have significant challenges ahead of them. Once again, the appearance of the coronavirus has affected all fields. With the acceleration of digital transformation, network security as we understood it until now is also going to change.
Malicious actions against organizations will not only not decrease but will continue to grow with different objectives
For Peter Firstbrook, vice president of research at Gartner, the first challenge is the lack of competences, since 80% of the organizations have difficulties finding professionals in the security field and 71% also point out how this affects their ability to carry out security projects. In addition, the consulting firm points out other challenges such as the migration of workspaces, the geopolitical situation, the increase in global regulations, the diversity of endpoints and locations, changing environments, the commitment of business email and, as we pointed out in this article previously, the challenges of ransomware.
As we have discussed, the pandemic forced the acceleration of digital transformation processes and has made clear once again the importance that cybersecurity will have. As ESET explains in the report "Cybersecurity Trends for 2021: Staying safe in times of uncertainty", malicious activity had a significant growth during 2020 with perpetuators of all kinds trying to take advantage of a scenario that presented more users connected, for longer, and willing to adopt the use of online technologies and services that were not in such a high demand previously.
Since 2019, ransomware has increased 62% globally
It is not surprising how this complex situation that we take advantage of has also been exploited by cybercriminals to promote all kinds of harmful activities for organizations. From operations of influence or information theft, to, once again, ransomware campaigns.
According to the CCN-CERT, everything seems to indicate that this type of action will not only not decrease but will continue to grow with different objectives, be it cyber espionage, extortion, destruction of information or even operations to influence public opinion.
Ransomware, the favorite threat
We see it almost every day, it is the best known cyberattack in recent times and the one that has grown the most. Cybercriminals are using increasingly sophisticated techniques and since 2019, ransomware has increased 62% globally as detailed in the 2021 Sonic Wall Cyber Threat Report. A figure that has been greatly influenced by Covid-19, which has given malicious actors multiple opportunities to attack and instill fear.
Although ransomware goes around the world at a lower level, in Spain we have witnessed different attacks. The University of Castilla la Mancha or The Phone House, as we mentioned at the beginning of this post, or the attack suffered by the SEPE (public administration), with serious consequences.
Basically, Spanish users are reluctant to pay the prices demanded in bailouts. Currently, the number of victims in Spain who finally paid after suffering a ransomware attack stands at 32%, according to Kaspersky. A figure well below the 56% worldwide.
What can companies do?
Given the risks that surround us, and those that organizations have to face, it is important to know how to proceed.
The key is to strengthen the structure of processes and procedures that allow integrating technologies and people to monitor the entire cycle of a threat, from the moment attackers seek initial access to a system until they achieve the exfiltration of information or some other kind of impact. For this, it is essential to consider several layers of technologies that allow visibility before, during and after an attack.
Malicious activity had a significant growth during 2020 with perpetuators of all kinds trying to take advantage of a scenario that presented more users connected, for longer, and willing to adopt the use of online technologies and services that were not in such a high demand previously
Firstbrook indicated that companies demand security professionals, and this is also supported by a study by StudentFinance, which shows that in the last 6 months, the demand for expert security profiles has increased by 278%. Without a doubt, organizations are increasingly aware of the importance of these profiles and are working to implement them and also train the employees they already have.
In the Gartner survey of boards of directors for 2021, company directors rank cybersecurity as the second most important source of risk for the company, behind only regulatory compliance. More and more companies have a safety committee on the board of directors, led by an experienced employee or by an external consultant. Currently only 10% of the boards of directors have a cybersecurity committee, a figure that according to the consultancy, by 2025 it will increase to 40%.
These might interest you...
