Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • The Security Leadership Issue
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!
CybersecurityManagementSecurity Enterprise ServicesSecurity Leadership and ManagementLogical SecuritySecurity & Business ResilienceSecurity Education & TrainingCybersecurity News

5 biggest cybersecurity threats

How hackers utilize remote work and human error to steal corporate data

By Juta Gurinaviciute
cyber hack
February 3, 2021

Since the beginning of the pandemic, the FBI has seen a fourfold increase in cybersecurity complaints, whereas the global losses from cybercrime exceeded $1 trillion in 2020. 

World Economic Forum’s “Global Risks Report 2020” states that the chances of catching and prosecuting a cybercriminal are almost nil (0.05%). Given the circumstances, business awareness and resilience is key to securing sensitive data and avoiding breaches.

Cyber threats are getting more sophisticated and intense amid the increasing levels of remote work and dependence on digital devices. Here are 5 that were the most damaging for enterprises in 2020.

 

1. Social engineering. In 2020, almost a third of the breaches incorporated social engineering techniques, of which 90% were phishing. Social engineering attacks include, but are not limited to, phishing emails, scareware, quid pro quo and other techniques — all of which manipulate human psychology to attain specific goals. 

Cisco indicates that successful spear phishing attacks are accountable for 95% of breaches in enterprise networks. In fact, phishing attempts soared by 667% in March and 43% of workers admit having made mistakes that compromised cybersecurity. This July, Twitter fell victim of a successful phishing attack, which netted scammers more than $100k. Also, cyber criminals stole $2.3 million from a Texas school and tried to obtain personal data by forging an email from WHO.

To prevent social engineering scams, enterprises could implement Zero Standing Privileges. This means that a user is granted access privileges for one particular task and lasts only for the time needed to complete it. Therefore, even if the hackers get their hands on the credentials, they would not be able to access internal systems and sensitive data.
 

2. Ransomware. Ransomware is a data-encrypting program that demands payment to release the infected data. The overall sum of ransom demands will have reached $1.4 billion in 2020, with an average sum to rectify the damage reaching up to $1.45 million.  Ransomware is the third most popular type of malware used in data breaches and is employed in 22% of the cases. 

This year hackers compromised COVID-19 research data and demanded $1.14 million from The University of California, attacked the photography giant Canon and were even responsible for lethal incidents. In Germany, cybercriminals targeted a hospital for ransom, with patient care systems being  disabled and resulting in one patient's death.

 

3. DDoS attacks. There were 4.83 million DDoS attacks attempted in the first half of 2020 alone and each hour of service disruption may have cost businesses as much as $100k on average.

To form a botnet needed for a coordinated DDoS attack, hackers employ devices previously compromised by malware or hacking. Thus every machine can be performing criminal activity with its owner being unaware. The traffic can then be targeted against, say, AWS, which reported having prevented a 2.3Tbps attack this February. 

However, increasing traffic is not the only thing worrying cyber security experts. Criminals now employ artificial intelligence (AI) to perform DDoS attacks. A few years ago they managed to steal data of 3.75 million TaskRabbit app users and 141 million users were affected by the app's downtime. The poison is the cure – AI can also be employed to look for the weak spots, especially if there is a massive amount of data involved. 

This year organizations embraced remote work at unprecedented rates. The increased online traffic and dependence on digital services made them more vulnerable to cyber criminals. DDoS attacks don’t cost much, thus there is an increasing supply of DDoS-for-hire services, leveraging the scale and bandwidth of public clouds.
 

4. Third party software. The top 30 ecommerce retailers in the US are connected to 1,131 third-party resources each and 23% of those assets have at least one critical vulnerability. If one of the applications within this ecosystem is compromised, it opens the hackers a gateway to other domains. A breach caused by a third party costs $4.29 million on average. 

According to Verizon, web applications were involved in 43% of the breaches and as much as 80% of organizations experienced a cybersecurity breach originating from a vulnerability in their third party vendor ecosystem. In 2020, third party exposures affected Spotify, General Electric, Instagram and other major names. 

 

5. Cloud computing vulnerabilities. The global market for cloud computing is estimated to grow 17% this year, totaling $227.8 billion. While the pandemic lasts, the economy also witnessed a 50% increase in cloud use across all industries.

This trend is a perfect lure for hackers, who performed 7.5 million external attacks on cloud accounts in Q2 2020. Since the beginning of the year, the number of the attempted breaches grew by 250% compared to 2019. The criminals scan for cloud servers with no password, exploit unpatched systems and perform brute-force attacks to access the user accounts. Some try to plant ransomware or steal sensitive data, whilst others, use cloud systems for cryptojacking or coordinated DDoS attacks.

One of the biggest attacks this year was aimed at Blackbaud — a cloud service provider. Attackers installed the ransomware and stole payment information from millions of users worldwide. The company had to pay the undisclosed ransom and a lawsuit followed.

To strengthen the cloud computing defenses in the future, stakeholders should pay attention to proper cloud storage configuration, security of application user interfaces (APIs) and the end-user actions on cloud devices.

Corporate security challenges

Companies and their employees were thrust into a remote working environment rather suddenly, with many organizations’ remote networking capabilities still not as shielded as their on-premise IT infrastructures. This rapid shift has left many unsecured gaps that malicious actors are constantly looking to exploit for financial gain.

The technological changes that shaped the workplace in 2020 are here to stay and so are the increasing cyber threats enterprises face. On account of that, the majority of executives say they will mainly spend their IT budgets on cyber resilience. Security teams have to develop strong policies to respond to the cybersecurity challenges, but that’s only the first step. They need to effectively communicate those policies to the entire workforce and train employees to respond to them.

KEYWORDS: cyber security information security remote work risk management

Share This Story

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

Juta Gurinaviciute is an IT professional with over 20 years of experience in cybersecurity and systems engineering. Currently, she is a Chief Technology Officer at NordVPN Teams. Prior to NordVPN Teams, she held senior UNIX System Administration positions at Telia Company and Barclays. Juta is also a certified RedHat Systems Engineer.


 

Recommended Content

JOIN TODAY
To unlock your recommendations.

Already have an account? Sign In

  • Security's Top Cybersecurity Leaders 2024

    Security's Top Cybersecurity Leaders 2024

    Security magazine's Top Cybersecurity Leaders 2024 award...
    Top Cybersecurity Leaders
    By: Security Staff
  • cyber brain

    The intersection of cybersecurity and artificial intelligence

    Artificial intelligence (AI) is a valuable cybersecurity...
    Security Enterprise Services
    By: Pam Nigro
  • artificial intelligence AI graphic

    Assessing the pros and cons of AI for cybersecurity

    Artificial intelligence (AI) has significant implications...
    Logical Security
    By: Charles Denyer
Manage My Account
  • Security eNewsletter & Other eNews Alerts
  • eMagazine Subscriptions
  • Manage My Preferences
  • Online Registration
  • Mobile App
  • Subscription Customer Service

More Videos

Sponsored Content

Sponsored Content is a special paid section where industry companies provide high quality, objective, non-commercial content around topics of interest to the Security audience. All Sponsored Content is supplied by the advertising company and any opinions expressed in this article are those of the author and not necessarily reflect the views of Security or its parent company, BNP Media. Interested in participating in our Sponsored Content section? Contact your local rep!

close
  • Crisis Response Team
    Sponsored byEverbridge

    Automate or Fall Behind – Crisis Response at the Speed of Risk

  • Perimeter security
    Sponsored byAMAROK

    Why Property Security is the New Competitive Advantage

  • Duty of Care
    Sponsored byAMAROK

    Integrating Technology and Physical Security to Advance Duty of Care

Popular Stories

Coding

AI Emerges as the Top Concern for Security Leaders

Half open laptop

“Luigi Was Right”: A Look at the Website Sharing Data on More Than 1,000 Executives

Shopping mall

Victoria’s Secret Security Incident Shuts Down Website

Laptop with coding on ground

Stepping Into the Light: Why CISOs Are Replacing Black-Box Security With Open-Source XDR

Gift cards and credit cards

Why Are Cyberattacks Targeting Retail? Experts Share Their Thoughts

2025 Security Benchmark banner

Events

June 24, 2025

Inside a Modern GSOC: How Anthropic Benchmarks Risk Detection Tools for Speed and Accuracy

For today's security teams, making informed decisions in the first moments of a crisis is critical.

July 17, 2025

Tech in the Jungle: Leveraging Surveillance, Access Control, and Technology in Unique Environments

From animal habitats to bustling crowds of visitors, a zoo is a one-of-a-kind environment for deploying modern security technologies.

View All Submit An Event

Products

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products

Related Articles

  • stressed

    Mental health warning in cybersecurity: CISOs across the industry reporting high levels of stress

    See More
  • 5 mins with Hamilton

    5 minutes with Mike Hamilton – The biggest threats to the critical infrastructure

    See More
  • burnt out employee

    One of the biggest threats to a cybersecurity team? Employee burnout

    See More

Related Products

See More Products
  • physical security.webp

    Physical Security Assessment Handbook An Insider’s Guide to Securing a Business

See More Products

Events

View AllSubmit An Event
  • August 27, 2025

    Risk Mitigation as a Competitive Edge

    In today’s volatile environment, a robust risk management strategy isn’t just a requirement—it’s a foundation for organizational resilience. From cyber threats to climate disruptions, the ability to anticipate, withstand, and adapt to disruption is becoming a hallmark of industry leaders.
View AllSubmit An Event
×

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!
  • RESOURCES
    • Advertise
    • Contact Us
    • Store
    • Want More
  • SIGN UP TODAY
    • Create Account
    • eMagazine
    • eNewsletter
    • Customer Service
    • Manage Preferences
  • SERVICES
    • Marketing Services
    • Reprints
    • Market Research
    • List Rental
    • Survey/Respondent Access
  • STAY CONNECTED
    • LinkedIn
    • Facebook
    • YouTube
    • X (Twitter)
  • PRIVACY
    • PRIVACY POLICY
    • TERMS & CONDITIONS
    • DO NOT SELL MY PERSONAL INFORMATION
    • PRIVACY REQUEST
    • ACCESSIBILITY

Copyright ©2025. All Rights Reserved BNP Media.

Design, CMS, Hosting & Web Development :: ePublishing