The World Economic Forum’s “Global Risks Report 2020” states that the chances of catching and prosecuting a cybercriminal are almost nil (0.05%). Given the circumstances, business awareness and resilience are key to securing sensitive data and avoiding breaches.
Cyber threats are getting more sophisticated and intense amid the increasing levels of remote work and dependence on digital devices. Here are 5 that were the most damaging for enterprises in 2020.
1. Social engineering. In 2020, almost a third of the breaches incorporated social engineering techniques, of which 90% were phishing. Social engineering attacks include, but are not limited to, phishing emails, scareware, quid pro quo and other techniques — all of which manipulate human psychology to attain specific goals.
Cisco indicates that successful spear phishing attacks account for 95% of breaches in enterprise networks. In fact, phishing attempts soared by 667% in March, and 43% of workers admit to having made mistakes that compromised cybersecurity. This July, Twitter fell victim to a successful phishing attack, which netted scammers more than $100k. Also, cyber criminals stole $2.3 million from a Texas school and tried to obtain personal data by forging an email from WHO.
To prevent social engineering scams, enterprises could implement Zero Standing Privileges. This means that a user is granted access privileges for one particular task, and those privileges last only for the time needed to complete it. Therefore, even if the hackers get their hands on the credentials, they would not be able to access internal systems and sensitive data.
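To make the Zero Standing Privileges idea concrete, here is a small added example (not from the original article or any vendor's product) of a broker that issues task-scoped, time-limited grants. All names (`JitBroker`, `payroll-db`, `alice`) are hypothetical, and the approval step a real deployment would put in front of `request` is left out.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Grant:
    user: str
    resource: str
    action: str
    expires_at: float  # seconds on the broker's clock


class JitBroker:
    """No user holds a privilege by default; each grant covers one task and expires."""

    def __init__(self, max_ttl=900):
        self.max_ttl = max_ttl  # upper bound on any grant's lifetime, in seconds
        self._grants = []

    def request(self, user, resource, action, ttl, now):
        # Cap the lifetime so nobody can ask for a de facto standing privilege.
        # (Assumption: approval/ticket checks happen before this call.)
        grant = Grant(user, resource, action, now + min(ttl, self.max_ttl))
        self._grants.append(grant)
        return grant

    def is_allowed(self, user, resource, action, now):
        # Drop expired grants first, then require an exact match on all three fields.
        self._grants = [g for g in self._grants if g.expires_at > now]
        return any((g.user, g.resource, g.action) == (user, resource, action)
                   for g in self._grants)

    def complete(self, grant):
        # Revoke as soon as the task is done instead of waiting for expiry.
        if grant in self._grants:
            self._grants.remove(grant)


def demo():
    """Constructed scenario: 'alice' needs to read 'payroll-db' for one task at t=0."""
    broker = JitBroker(max_ttl=600)
    results = {}
    # Valid credentials alone grant nothing: there is no standing privilege.
    results["before_grant"] = broker.is_allowed("alice", "payroll-db", "read", now=0)
    g = broker.request("alice", "payroll-db", "read", ttl=3600, now=0)
    results["during_task"] = broker.is_allowed("alice", "payroll-db", "read", now=300)
    results["other_action"] = broker.is_allowed("alice", "payroll-db", "write", now=300)
    results["after_expiry"] = broker.is_allowed("alice", "payroll-db", "read", now=601)
    results["capped_expiry"] = g.expires_at
    return results
```

Credentials phished before the grant is issued or after it expires fail the `is_allowed` check, which is the property the paragraph above relies on.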
2. Ransomware. Ransomware is a data-encrypting program that demands payment to release the infected data. The overall sum of ransom demands will have reached $1.4 billion in 2020, with an average sum to rectify the damage reaching up to $1.45 million. Ransomware is the third most popular type of malware used in data breaches and is employed in 22% of the cases.
This year hackers compromised COVID-19 research data and demanded $1.14 million from The University of California, attacked the photography giant Canon and were even responsible for lethal incidents. In Germany, cybercriminals targeted a hospital for ransom, disabling patient care systems and resulting in one patient's death.
3. DDoS attacks. To form a botnet needed for a coordinated DDoS attack, hackers employ devices previously compromised by malware or hacking. Thus any machine can be performing criminal activity without its owner being aware. The traffic can then be targeted against, say, AWS, which reported having prevented a 2.3Tbps attack this February.
However, increasing traffic is not the only thing worrying cyber security experts. Criminals now employ artificial intelligence (AI) to perform DDoS attacks. A few years ago they managed to steal the data of 3.75 million TaskRabbit app users, and 141 million users were affected by the app's downtime. The poison is the cure – AI can also be employed to look for the weak spots, especially if there is a massive amount of data involved.
This year organizations embraced remote work at unprecedented rates. The increased online traffic and dependence on digital services made them more vulnerable to cyber criminals. DDoS attacks don’t cost much, so there is an increasing supply of DDoS-for-hire services, leveraging the scale and bandwidth of public clouds.
4. Third party software. The top 30 ecommerce retailers in the US are connected to 1,131 third-party resources each and 23% of those assets have at least one critical vulnerability. If one of the applications within this ecosystem is compromised, it opens a gateway for hackers to other domains. A breach caused by a third party costs $4.29 million on average.
According to Verizon, web applications were involved in 43% of the breaches and as many as 80% of organizations experienced a cybersecurity breach originating from a vulnerability in their third party vendor ecosystem. In 2020, third party exposures affected Spotify, General Electric, Instagram and other major names.
5. Cloud computing vulnerabilities. The global market for cloud computing is estimated to grow 17% this year, totaling $227.8 billion. As the pandemic continues, the economy has also witnessed a 50% increase in cloud use across all industries.
This trend is a perfect lure for hackers, who performed 7.5 million external attacks on cloud accounts in Q2 2020. Since the beginning of the year, the number of attempted breaches grew by 250% compared to 2019. The criminals scan for cloud servers with no password, exploit unpatched systems and perform brute-force attacks to access the user accounts. Some try to plant ransomware or steal sensitive data, whilst others use cloud systems for cryptojacking or coordinated DDoS attacks.
One of the biggest attacks this year was aimed at Blackbaud — a cloud service provider. Attackers installed ransomware and stole payment information from millions of users worldwide. The company had to pay an undisclosed ransom and a lawsuit followed.
To strengthen cloud computing defenses in the future, stakeholders should pay attention to proper cloud storage configuration, security of application programming interfaces (APIs) and the end-user actions on cloud devices.
Corporate security challenges
Companies and their employees were thrust into a remote working environment rather suddenly, with many organizations’ remote networking capabilities still not as shielded as their on-premise IT infrastructures. This rapid shift has left many unsecured gaps that malicious actors are constantly looking to exploit for financial gain.
The technological changes that shaped the workplace in 2020 are here to stay and so are the increasing cyber threats enterprises face. On account of that, the majority of executives say they will mainly spend their IT budgets on cyber resilience. Security teams have to develop strong policies to respond to the cybersecurity challenges, but that’s only the first step. They need to effectively communicate those policies to the entire workforce and train employees to respond to them.