We are midway through 2021, so now is an excellent time to stop and take stock in the cybersecurity landscape, both where we’ve been and where we are going. I talk to scores of cybersecurity experts each month, which has helped me piece together a composite of where this year has been and tease out some clues as to where it is going.

People head back to the office – or not

One of the biggest headaches for MSPs, says an MSP owner in Sarnia, Ontario, is happening with MSPs that put themselves on a “war footing” to handle cybersecurity during the pandemic and are now finding themselves spread out and having to adjust to going back to centralized corporate campuses. But this is not the case with everyone.

“It’s been uneven, so now we have some clients that are completely back to normal, and others where the staff is still spread out, and it is creating cybersecurity challenges,” offers the MSP owner in Sarnia. Challenges include having different checklists for different clients and just keeping track of who is where.

Ransomware rages against cybersecurity

After a bit of lull in 2020, ransomware attacks have increased by more than 100 percent in 2021. “Everyone is scared. Everyone is talking about it,” says Ken Hallman, owner of Hallman MSP in Calgary, Alberta.

Hallman points out that even the most fortified system is vulnerable if there isn’t basic security awareness training. When people are working from home, it’s easier for them to let their guard down and fall prey to phishing, opening the door for a ransomware attack.

Deep fakes as a cybersecurity threat

As we tease out potential threat trends in the last half of 2021, this is a topic I suspect we’ll be talking a lot more about because it is challenging to defend against. According to ThreatPost:

Artificial intelligence and the rise of deepfake technology is something cybersecurity researchers have cautioned about for years, and now it’s officially arrived. Cybercriminals are increasingly sharing, developing, and deploying deepfake technologies to bypass biometric security protections, and in crimes including blackmail, identity theft, social engineering-based attacks, and more, experts warn.

Cybersecurity expert Brian Foster told ThreatPost that deepfakes will require a drastic re-think of traditional approach, envisioning an automated, zero-trust system that likewise leverages AI and machine learning to analyze multiple security parameters.

So far, many of the deepfakes have been pranks, like some videos of Tom Cruise on Tik-Tok that captured imaginations and caused concern in cybersecurity circles:

It wasn’t that the videos were offensive, or scandalous, or even damaging to Tom Cruise. The actor’s management never even wrote back. It’s that they were good. Scary good.

On the other side of the world, in Washington DC, TikTok Tom was soon setting off alarm bells in national security and intelligence circles. One insider described the response as nothing short of “terror.”

File-less attacks

Nothing frustrates traditional signature-based malware detection more than file-less attacks. From conversations with cybersecurity experts, it appears that they are on the rise in 2021.

File-less malware circumvents traditional detection methods and sneaks into critical systems using approved platforms already used by corporate networks.

“We’ve started doing an every quarter housecleaning of our client’s systems to try to root out this type of intrusion,” notes the MSP owner in Sarnia.

Social engineering

It is becoming more and more apparent that a criminal group doesn’t necessarily need the most sophisticated hacking skills to launch an attack.

“All one has to do is be able to create believable, plausible profiles on social media, come up with enticing emails to open and they can trick others into clicking onto very dangerous payloads,” advises Tom Wolf, a cybersecurity expert in Miami, Florida.

“There has to be more awareness training at every level. Unfortunately, I’ve seen companies cutting back their cybersecurity budgets this year because the pandemic has hurt their bottom lines,” Wolf says. “But awareness training does not take expensive new software, and studies have consistently shown education is the most effective tool against malware.”

What will the last half of 2021 hold? There may be threats emerging that aren’t even on our radar yet. Still, supposing the first half of the year is any indication, ransomware will continue to surge, AI-driven attacks will capture attention, and social engineering will continue to dupe people. Buckle up for the last half of what should be another wild year in cybersecurity circles.

Photo: stefan johansson / Shutterstock

Posted by Kevin Williams

Kevin Williams is a journalist based in Ohio. Williams has written for a variety of publications including the Washington Post, New York Times, USA Today, Wall Street Journal, National Geographic and others. He first wrote about the online world in its nascent stages for the now defunct “Online Access” Magazine in the mid-90s.

5 Comments

  1. hope the first second 1/2 is way quiter than the first 1/2 two major ransomware that has been a wake up call

    Reply

  2. Very insightful

    Reply

  3. I hope we can stay ahead of this

    Reply

  4. Great article highlighting things to consider as we try to return to normal

    Reply

  5. Eric Goldstein July 20, 2021 at 7:38 am

    Great article. People now a days have enough stress on their plates that they shouldn’t have to worry about ransomware. Let’s hope things don’t get worse.

    Reply

Leave a reply

Your email address will not be published. Required fields are marked *