CYBERSECURITY | The pandemic that hit the world in 2020 has profoundly changed lifestyles, creating fertile ground for cybercriminals. Nothing illustrates this claim as well as the SolarWinds hack. According to Brad Smith, president of Microsoft, this cyberattack is the most sophisticated in history and its repercussions were felt throughout the year 2020.
Telecommuting, the digitization of society and the time spent online present real opportunities for phishers, hackers, crooks and extortionists. At the dawn of 2021, there are unfortunately no signs of improvement. This is why it is essential that individuals and companies become aware of the multiplication of attack paths and understand the measures to be taken to limit the risks.
Forbes analyzes the next five major cybersecurity issues, which will have an impact on online security by 2021 and well after. Forbes also offers a selection of practical steps you can take to avoid becoming a victim.
Cybersecurity powered by AI
Just as it is used by financial services to detect fraud, AI can counter cybercrime by identifying patterns of behavior that shed light on any unusual event. AI is able to do this in systems that face thousands of events every second, which is usually the case when cybercriminals launch an attack.
The predictive qualities of AI make it very useful in this case, and this is the reason why more and more companies will invest in this type of solution as 2022 approaches. Unfortunately, cybercriminals are also realizing the benefits of AI, and new threats are emerging. Some cybercriminals use technologies like machine learning to evade cybersecurity protections. This makes AI even more essential, as it is the only hope for countering AI-powered cyberattacks.
According to a recent study by Capgemini, two-thirds of companies now believe AI is needed to identify and counter critical cybersecurity threats, and nearly three-quarters of companies are using or testing AI for this purpose.
The growing threat of ransomware attacks
According to the UK National Cyber Security Center, there were three times as many ransomware attacks in the first quarter of 2020 as in the whole of 2019. In addition, studies carried out by PwC show that 61% of executives in the technology sector expect this type of attack to increase in 2021. Once again, this rise in ransomware attacks is due to the pandemic as well as the increase in online activity and digital environments.
Ransomware attacks typically involve infecting electronic devices with a virus that locks files behind tamper-proof cryptography. Cybercriminals then threaten to destroy these files if a ransom is not paid, usually in the form of an untraceable cryptocurrency transfer. At the same time, cybercriminals can threaten to release data to the public, exposing the enterprise targeted by the attack to huge fines.
Ransomware is typically deployed using phishing attacks, in which employees of a company are tricked into providing information or clicking a link that downloads malicious software (sometimes referred to as "malware") onto a computer. However, more recently, direct infections via USB devices by people with physical access to the devices have become increasingly common. It is worrying to see an increase in this type of attack targeting critical infrastructure. This year, a water treatment plant was the target of such an attack. This briefly succeeded in modifying the chemical operations of the installation, potentially putting the lives of users at risk. Other ransomware attacks have targeted gas pipelines and hospitals.
Education is the most effective method for fighting this threat. Studies have shown that employees who are aware of the dangers of this type of attack are eight times less likely to be victims.
The Internet of Vulnerable Things
The number of connected devices (Internet of Things, IoT) is expected to reach billions by 2022. One of the consequences of this phenomenon is the dramatic increase in the number of potential access points for cybercriminals seeking to enter secure digital systems.
The IoT has long been recognized as a specific threat. In the past, hackers have used connected home devices, like refrigerators or kettles, to gain access to networks, and from there, enter computers or phones where valuable data can be stored.
In 2022, the IoT will not only be more widespread, but also more sophisticated. Many organizations are now developing "digital twins", complete digital simulations of entire systems, or even businesses. These models are often connected to operational systems to model the data collected. This is why they are a treasure trove of data and access points for cybercriminals.
Next year, cybercriminals' attacks on connected devices will increase, there is no doubt about it. Edge computing devices (where data is processed closest to the point it is collected) as well as centralized cloud infrastructure are all vulnerable. Once again, education and awareness are the two most useful tools when it comes to protecting against these attacks. Any cybersecurity strategy should always include a thorough audit of every device that may be connected to or have access to a network, as well as a full understanding of the vulnerabilities that such a device may present.
Risk and exposure to cyber attacks: a key factor in partnership decisions
Any cybersecurity operation is only as secure as its weakest link. In other words, companies increasingly see every link in the supply chain as a potential vulnerability. For this reason, companies will increasingly use resilience and exposure to cyber attacks as a determining factor in choosing their partners.
The study carried out by Gartner confirms this trend. According to this study, by 2025, 60% of companies will use the risk of exposure to cyber attacks as a "determining factor" in the choice of their business partners.
With new legislation in line with the European General Data Protection Regulation (GDPR), such as the Chinese law on the protection of personal information or California's Consumer Privacy Act, more businesses face varying fines for breaches of information security rules. This means that every partner with potential access to a company's data or systems will be vigorously vetted. Companies that are unable to answer questions about their cybersecurity arrangements or assessments will increasingly find themselves on the sidelines.
The regulations are starting to catch up with the risk
For years, cybercriminals have acted with the knowledge that understanding and monitoring of their activities was poor due to the changing nature of technologies. The cost of cybercrime to global economies is expected to reach 2025 billion dollars in 2021. This situation is not sustainable. According to the magazine Security, 2021 should be the year when regulators do everything they can to get the situation under control. One of the consequences of this development could be the extension of sanctions. Currently, these only cover breaches and losses. They could therefore be extended to also cover vulnerability and exposure to potential damage. Another consequence could be the increasing adoption of laws relating to payments made in response to ransomware attacks. Finally, we could also observe an increase in the legal obligations entrusted to information security directors, like the responsibilities incumbent on financial directors, with the goal of limiting the impact of theft, loss and breach of customer data.
Today more than ever, it is essential that businesses earn the trust of consumers if they want to be granted the privilege of access to the precious personal information of their customers.
Article translated from Forbes US – Author: Bernard Marr