Last year, the COVID-19 pandemic pretty much dominated everything, which created many challenges for MSPs. What does 2021 hold in the realm of cybersecurity? Unfortunately, perhaps more of the same, according to Hussain Aldawood, Director of Cybersecurity, for Saudi Arabia-based GulfNet Solutions.
“Most have successfully navigated the massive changes, but unless they start preparing for the next wave of threats, 2021 may be just as rocky,” Aldawood says.
Smarter MSP reached out to some experts, and asked them to peer into their crystal balls to see what might be in store for MSPs.
Phishing remains top of mind for cybersecurity pros
Unfortunately, phishing works, and hackers will use what works.
“I think that phishing will continue to be the number one most common threat facing businesses and the community in 2021, with the very high volume of emails and electronic messages exchanged every day that can have malicious links and/or attachments in them,” advises Abdulrahman Al-Nimari, an independent cybersecurity specialist in Saudi Arabia.
Al-Nimari points to phishing as an umbrella attack vector for various other threats like ransomware and different malware types. Pen testing and software can only go so far; the most potent weapon continues to be awareness.
“Training and awareness workshops are essential to educating people and workforces regarding different roles and responsibilities, the dangers of phishing campaigns, and the impact they may have on businesses,” Nimari says.
Dudi Hefer, a cybersecurity specialist based in Israel, adds socially engineered phishing attacks to the list of looming threat of 2021. Hefer suggests that stealing credentials with pen test tools will also be on the hacker’s agenda in 2021.
Social engineering, fileless #malware, cloud remote service attacks, business process compromises, and compromised payloads are #cybersecurity threats that #MSPs need to watch in 2021.
Meanwhile, Matt Klein, a cybersecurity consultant in Charleston, South Carolina, tells Smarter MSP that cloud security will be a persistent threat going into 2021.
“Rapid adoption of cloud platforms without the implementation of security ‘guard rails’ and self-healing capabilities built into the platforms, is a problem,” Klein explains.
Klein also finds the continuing evolution of ransomware to be troubling.
“More generally extortion malware and how it is evolving so rapidly with models that include double extortion,’ he adds.
Meanwhile, Aldawood views social engineering, fileless malware, cloud remote service attacks, business process compromises, and compromised payloads as being areas MSPs need to watch in 2021.
Other areas MSPs must keep an eye on
ARTIFICIAL INTELLIGENCE: 2021 is when the AI arms race is expected to heat up between the good guys and bad guys. Whoever gets the algorithm upper-hand will determine the victor. But MSPs need to be on alert for increasingly sophisticated AI-driven attacks.
CRYPTOCURRENCY: As cryptocurrency values soar, look for hackers to try to hijack server power wherever they can find it. Especially vulnerable are manufacturing hubs, universities, and medical firms. MSPs will need to be on alert for increased power usage, especially during off peak times.
DEEPFAKES: The FaceTime call from your boss directs you to wire funds to an overseas client. Clearly, that is your boss on the screen. Or is it? Look for the threat from deepfakes to grow in 2021 as the technology becomes more widespread. Calling your boss to get an OK to wire those funds may not be as simple anymore; you may have to walk over to their office to see them in person. But the pandemic will continue to keep offices empty. Workers at home and deepfake hackers know this and will continue to exploit it.
#MSPs must be vigilant as 2021 unfolds, keeping one eye on #phishing and crypto miners, while the other needs monitors the #cybersecurity landscape for new and bold attacks.
IoT: Potential attack vectors will continue to expand in 2021 as IoT resumes its growth after somewhat of a pandemic pause in 2020. Whether it be home offices filling up with IoT devices or office water coolers going wireless, all of these connections to the internet will need to be defended. MSPs will have to be continually monitoring and auditing connected devices in office situations.
NEW THREATS: Like any year, but this may be even more the case in 2021, the most significant threats are the ones we don’t know about yet. Think about it, if anyone said going into 2020 that the biggest threat to world stability, security, and economics was the “coronavirus,” that person would have been looked at with utter bewilderment. But COVID came out of seemingly nowhere and upended everything. As the world attempts to go to a post-pandemic normal and certain state sponsors try to adapt to a new presidential administration in the USA, there could be cyber threats lurking out there that we can’t even conceive of.
One trait an MSP must possess is vigilance. As 2021 unfolds, keep one eye on phishing and crypto miners, but the other needs to be watching the cyber universe for new and bold attack attempts.
Photo: 13_Phunkod / Shutterstock