We are midway through 2021, so now is an excellent time to stop and take stock in the cybersecurity landscape, both where we’ve been and where we are going. I talk to scores of cybersecurity experts each month, which has helped me piece together a composite of where this year has been and tease out some clues as to where it is going.
People head back to the office – or not
One of the biggest headaches for MSPs, says an MSP owner in Sarnia, Ontario, is happening with MSPs that put themselves on a “war footing” to handle cybersecurity during the pandemic and are now finding themselves spread out and having to adjust to going back to centralized corporate campuses. But this is not the case with everyone.
“It’s been uneven, so now we have some clients that are completely back to normal, and others where the staff is still spread out, and it is creating cybersecurity challenges,” offers the MSP owner in Sarnia. Challenges include having different checklists for different clients and just keeping track of who is where.
Ransomware rages against cybersecurity
After a bit of lull in 2020, ransomware attacks have increased by more than 100 percent in 2021. “Everyone is scared. Everyone is talking about it,” says Ken Hallman, owner of Hallman MSP in Calgary, Alberta.
Hallman points out that even the most fortified system is vulnerable if there isn’t basic security awareness training. When people are working from home, it’s easier for them to let their guard down and fall prey to phishing, opening the door for a ransomware attack.
Deep fakes as a cybersecurity threat
As we tease out potential threat trends in the last half of 2021, this is a topic I suspect we’ll be talking a lot more about because it is challenging to defend against. According to ThreatPost:
Artificial intelligence and the rise of deepfake technology is something cybersecurity researchers have cautioned about for years, and now it’s officially arrived. Cybercriminals are increasingly sharing, developing, and deploying deepfake technologies to bypass biometric security protections, and in crimes including blackmail, identity theft, social engineering-based attacks, and more, experts warn.
Cybersecurity expert Brian Foster told ThreatPost that deepfakes will require a drastic re-think of traditional approach, envisioning an automated, zero-trust system that likewise leverages AI and machine learning to analyze multiple security parameters.
If the first half of 2021 is any indication, #ransomware will continue to surge, AI-driven attacks will capture attention, and social engineering will continue to dupe untrained years. #cybersecurity #MSP
So far, many of the deepfakes have been pranks, like some videos of Tom Cruise on Tik-Tok that captured imaginations and caused concern in cybersecurity circles:
It wasn’t that the videos were offensive, or scandalous, or even damaging to Tom Cruise. The actor’s management never even wrote back. It’s that they were good. Scary good.
On the other side of the world, in Washington DC, TikTok Tom was soon setting off alarm bells in national security and intelligence circles. One insider described the response as nothing short of “terror.”
Nothing frustrates traditional signature-based malware detection more than file-less attacks. From conversations with cybersecurity experts, it appears that they are on the rise in 2021.
File-less malware circumvents traditional detection methods and sneaks into critical systems using approved platforms already used by corporate networks.
“We’ve started doing an every quarter housecleaning of our client’s systems to try to root out this type of intrusion,” notes the MSP owner in Sarnia.
It is becoming more and more apparent that a criminal group doesn’t necessarily need the most sophisticated hacking skills to launch an attack.
“All one has to do is be able to create believable, plausible profiles on social media, come up with enticing emails to open and they can trick others into clicking onto very dangerous payloads,” advises Tom Wolf, a cybersecurity expert in Miami, Florida.
“There has to be more awareness training at every level. Unfortunately, I’ve seen companies cutting back their cybersecurity budgets this year because the pandemic has hurt their bottom lines,” Wolf says. “But awareness training does not take expensive new software, and studies have consistently shown education is the most effective tool against malware.”
What will the last half of 2021 hold? There may be threats emerging that aren’t even on our radar yet. Still, supposing the first half of the year is any indication, ransomware will continue to surge, AI-driven attacks will capture attention, and social engineering will continue to dupe people. Buckle up for the last half of what should be another wild year in cybersecurity circles.
Photo: stefan johansson / Shutterstock