Cybersecurity Trends

What You Should Know About Them

The world as we know it is rapidly changing and the COVID-19 crisis has accelerated the pace of that change. Some experts estimate the pandemic advanced the digital transformation timeline by seven years. These changes have opened many new opportunities for cybercriminals who have adeptly exploited these vulnerabilities. This article will summarize the trends that have created these opportunities as well as the ways in which cybersecurity experts are fighting back.

The world as we know it is rapidly changing and the COVID-19 crisis has accelerated the pace of that change. Some experts estimate the pandemic advanced the digital transformation timeline by seven years. These changes have opened many new opportunities for cybercriminals who have adeptly exploited these vulnerabilities. This article will summarize the trends that have created these opportunities as well as the ways in which cybersecurity experts are fighting back.

Trends Threatening Cybersecurity

Increase in Remote Working—Almost overnight the pandemic launched the single biggest experiment in remote working with an estimated half of the workforce working remotely at one point in the early days of the pandemic.[i] Because the transformation occurred so rapidly, companies were unprepared to handle the changes in security that should have accompanied this shift. This rapid transition also resulted in many workers using personal computers and other devices without the security and controls present in the workplace. Home networks tend to be much more vulnerable to attacks due to most users lacking the expertise or the means to protect their data in the same way as a company or organization would.

There are myriad problems created when using personal devices and networks. Individuals rarely understand or can afford the security protocols utilized by their employers. The absence of: 1) automatic software updates, 2) enforcement of password protocols, 3) required updates to the most current versions of software and hardware, and 4) robust anti-virus and other security measures, all contribute to the problem. In addition, many home routers are improperly configured and/or the default passwords were not changed and thus, these networks are easily compromised.

Hurried Transition to Cloud Computing—In the rush to get workers the access they needed to effectively work remotely, many companies turned to cloud computing. But without the time to evaluate the security ramifications and implement the appropriate safeguards, companies left themselves extremely vulnerable to attacks because the preponderance of cloud services do not offer secure encryption, authentication, and audit logging. They also fail to segregate user data within the cloud, meaning all cloud subscribers are sharing the same space without data partitions.[ii]

Continued Use of Legacy Equipment, Systems, and Technology—Legacy equipment and systems are often unable to be maintained as well as their more modern counterparts because the original vendor may not be providing continued support or even critical security patches. Windows 7 is a prime example. It was an extremely popular operating system and despite support being discontinued in January 2020, it is still in use.

Although many companies had planned transitions to more modern equipment and software, the pandemic largely put those projects on hold or caused significant delays. Other companies are faced with specialized software and legacy hardware/equipment that may be incapable of integrating with newer operating systems, especially when those operating systems have significantly changed their user interfaces as Microsoft did in the operating systems succeeding Windows 7.

Also contributing to the problems associated with older technology is the continued use of virtual private networks (VPNs) and remote desktop protocol (RDP) technology. While utilizing these technologies made a rapid transition to remote working possible, it also introduced serious security risks.   

Introduction of 5G Technology Fueling the Explosion of New Connected Devices—There has been astounding growth in the number of devices connected to the Internet, the so-called Internet of Things (IoT), that includes such items as security systems (think Ring doorbells), wearable technology, medical monitoring devices, baby monitors, GPS systems, connected vehicles, home lighting and climate controls, smart appliances, and connected industrial equipment. According to IoT Analytics:

“In 2020, for the first time, there are more IoT connections … than there are non-IoT connections (smartphones, laptops, and computers). Of the 21.7 billion active connected devices worldwide, 11.7 billion (or 54%) will be IoT device connections at the end of 2020. By 2025, it is expected that there will be more than 30 billion IoT connections, almost four IoT devices per person on average.”[iii]

With billions of IoT devices and trillions of sensors imbedded in these devices, hackers have a greatly expanded universe of potential entry points to exploit security weaknesses. Consumers accustomed to plug and play devices often do not think to change the default password, update firmware periodically, or take any other precautions to secure devices like routers. Infected routers accounted for 75% of all loT attacks that occurred in 2018 and that percentage will likely remain high.[iv]

Increased Use of Smartphones—The proliferation of smartphones adds another layer of complexity as many users do not think of smartphones as the computers they are and consequently, do not invest in anti-virus and other security programs tailored to smartphones. There have been numerous instances of apps loaded with malware, spyware, and viruses. These are serious threats considering most people also use their phones to access business e-mail accounts. RSA’s 2019 Current State of Cybercrime whitepaper states that about 70% of fraudulent transactions originated from mobile platforms, with popular mobile attack vectors including malware, data tampering, and data loss.[v]

Exploitation of Human Vulnerabilities: Phishing and Insider Threats—Humans are often the weakest link in securing systems. Cybercriminals have become increasingly adept at using social engineering attacks to gain entry to protected systems. Social engineering has been defined as the art of tricking people into divulging confidential information, and it is usually accomplished through phishing e-mails or text messages that con people into clicking on a malicious link. Social engineering attacks account for more than 80% of reported security incidents, and nearly 90% of all organizations worldwide fell victim to this type of attack within the past year.[vi] 2020 alone saw more than 60,000 phishing websites, with one in every eight employees sharing information on a phishing site.[vii]

Social engineering attacks were particularly successful during the past two years because cybercriminals capitalized on COVID-19 fears through e-mails and texts claiming to contain links to information on the virus and vaccine availability or “confirming” a vaccination appointment. There were also numerous e-mails and texts containing phishing links for checking on government-issued stimulus payments. A newer twist is an e-mail claiming to contain “secure” or confidential information, and it features the Trustpoint logo or other secure sending method that users will inherently assume is secure.

Aside from COVID-19, cybercriminals have increasingly learned how to avoid e-mail filters and have skillfully incorporated data from Facebook, Instagram, LinkedIn, and other social media sites to personalize and geo-target their attacks. Social media has also been a gold mine for gleaning potential answers to security questions. I often see Facebook quizzes with a list of potential security questions: What’s your favorite color? What was the name of your first pet? Color of your first car? Year you graduated high school? Rest assured that hackers are combing through these answers to gain access to user accounts.

Companies also need to evaluate threats originating from within the organization, especially since some remote-only employees may have been hired without meeting them in person. According to Verizon, 34% of cyberattacks in 2019 involved internal factors, which indicates employees may have been implicated, although their participation may have been unintentional.[viii] This analysis should be followed by an assessment of potential threats from “trusted” partners like 3rd-party vendors. Currently, 15% to 25% of security breach incidents are caused by trusted business partners.[ix] In 2020, at least nine U.S. government agencies were hacked through SolarWinds, a federal contractor.[x]

Increased Use of Text-Based Multi-Factor Authentication (MFA)—This popular method of identity verification is being replaced by more secure methods. With text-based MFA, a code is sent to the user’s phone or e-mail account, and that code is then entered to gain access to the system or website. While this method initially worked well, SMS text messages sent to a phone are not encrypted, and hackers quickly figured out how to retrieve the codes.

Increasingly Sophisticated Ransomware Attacks—Ransomware attacks are proliferating because of how lucrative they are coupled with the ease of access through phishing. Often, they are so-called “double-extortion” attacks involving data theft plus the encryption of that data. According to a research study by Deep Instinct, ransomware attacks increased by 435% in 2020 as compared with 2019. The estimated cost of ransomware attacks also increased from $11.5 billion in 2019 to $20 billion in 2020.[xi] Some of the rise in popularity is no doubt due to the availability of payment in cryptocurrencies that are untraceable, plus the newly developed ransomware-as-a-service, which makes it possible for cybercriminals lacking technical proficiency to buy the tools and expertise necessary to carry out these attacks.[xii]

Rise in Artificial Intelligence (AI) and Machine Learning (ML)—AI and ML are great security-enhancement tools in the right hands, but cybercriminals are using these same tools to assist them with malware development and automating cyberattacks, or to spread misinformation using such methods as deepfake photos and videos that are practically indistinguishable from the actual photos and videos. Fortunately, these same tools can be used to strengthen cybersecurity.

Emergence of Cybercrime Gangs—In 2020, cybercriminal organizations began collaborating and even coordinating attacks, an example of which was ransomware developers working with botnet operators. Unfortunately, cybersecurity experts believe this trend will accelerate and these gangs will develop hierarchical leadership culminating in strategic planning to enact advanced simultaneous attacks.[xiii]

Attacks on Critical Infrastructure and State-Backed Attacks—Attacks against critical infrastructure such as transportation, power generation and supply, healthcare, and government agencies are becoming more commonplace. “In the first six months of 2020 alone, Hipaajournal registered 128 successful ransomware attacks on federal entities, healthcare institutions, and educational institutions, with the healthcare industry accounting for over 32% of those attacks.”[xiv]

Sometimes the motivation is monetary but often it is political as well. Countries such as Russia are unofficially sponsoring cybercriminals for political gain and encouraging the theft of sensitive and/or proprietary information as well as the deliberate dissemination of misinformation designed to divide people, influence politics, and destabilize foreign governments. All of which threaten the target country’s national security.    

Data Privacy Concerns—High-profile cyberattacks have increasingly exposed the personally identifiable information (PII) of millions of people. Both the European Union and California have passed laws in response to these attacks. The goal of these laws is to give people greater control over their information, require companies to maintain adequate security to protect this information including strong encryption of PII, and to require timely disclosure when data has been breached.  

Shortage of Cybersecurity Professionals—Compounding the difficulties associated with securing data and preventing cyberattacks is the shortage of cybersecurity professionals.

Preventative Measures

Switch to Application-Based Multi-Factor Authentication (MFA)—Due to weak security on mobile phone networks, cybersecurity experts recommend moving from text-based MFA to application-based MFAs like Google Authenticator or Microsoft Authenticator.

Use Zero Trust Network Access (ZTNA) Technology—ZTNA starts with the assumption that anyone attempting to gain access is a hacker. It provides much more robust security than a VPN because it uses adaptive verification that analyzes the specifics of a particular session and can weigh such factors as the identity of the user, access location, date/time of access, device(s) used, requested access, and behavior patterns.[xv]

Unlike a VPN, there is not automatic access to the whole system. ZTNA allows access to a specific zone, eliminating the possibility of accessing one area to gain access to another more sensitive area. Also unlike a VPN, the entire session is constantly monitored looking for telltale signs of a cyberattack such as rapid changes to, or deletion of, data.

Use Identity Access Management (IAM) in General—Two-factor authentication, multi-factor authentication, VPNs, and ZTNA technology are all subsets of this category but other methods are also being employed such as password-less authentication and biometrics. Blockchain technology may also be utilized at some point in the future.[xvi]

Employ Artificial Intelligence (AI) and Machine Learning (ML) to Automate Security—AI can supplement existing IT staff and provide automated monitoring that can analyze massive amounts of data to identify potential threats much faster than humans can. Deep learning algorithms can be used to analyze threat patterns and recognize behaviors correlated with cybercrime. In so doing, AI can monitor and triage threats in real-time—detecting false positives and prioritizing the remaining threats by level of severity—so the cybersecurity professionals can focus on quickly neutralizing those threats. According to IBM, even when a data breach occurred, those organizations with fully deployed AI technology saved an average of $3.58 million in 2020.[xvii]

Educate Your Workforce and Business Partners—According to one source, about 97% of people in the world are unable to identify a phishing e-mail.[xviii] That is an astounding statistic that points to the need to invest in educating the workforce on recognizing phishing attempts and on general good cybersecurity practices. The goal should be to enable people to identify potential threats and to immediately alert the appropriate staff to the situation. Since many attacks originate from other time zones, there should be an emergency IT number that is available 24/7, especially during non-working hours.

This cybersecurity training must be ongoing; cyberattack methods are constantly evolving so the training must be continually updated to incorporate the latest threats. Cybersecurity must be part of the job description for every employee and contractor, and part of how performance is measured. Executives must model good cybersecurity hygiene and allocate the appropriate resources for training and compliance. By making cybersecurity part of an organization’s core values, employees can become an important part of the cybersecurity efforts instead of one of the greatest potential liabilities.

Have A Recovery Plan—Make sure there are current uncorrupted backups of vital data and detailed plans for how the organization will operate in the event of a cyberattack. This includes knowing who must be notified, and when, in the event of a data breach; having redundancy built in, such as having cross-trained staff and multiple suppliers; and having procedures in place to enable temporary operations. The plan should be tested with a simulated cyberattack to ensure preparations are adequate and complete.

Address Potential Data Privacy Issues—Data breaches of sensitive information have led to reputational damage for many organizations as well as significant monetary exposure and potential legal consequences. Organizations should review any applicable data privacy laws to ensure compliance and should create policies to guide how employees and contractors handle and share confidential information. Security around sensitive data should be constantly monitored and evaluated.

Utilize Managed Detection and Response (MDR) Systems—MDRs provide real-time monitoring and use predictive analytics to anticipate where cybersecurity attacks are likely to occur. They may include identity access management and data loss prevention (DLP) tools to prevent unauthorized access and flag data removal attempts.[xix]

Invest in Cybersecurity Staff and/or Use Managed Services—Consider expanding the staff to include cybersecurity specialists. Larger organizations should also consider hiring a chief security officer. Supplementing staff with AI or even outsourcing cybersecurity may be an option, especially if the IT budget is constrained. MDR service providers can provide constant monitoring and analysis 24/7 as well as immediate alerts to possible cybersecurity issues. They should also provide the expertise needed to assist with swift remediation and ensure any security gaps are adequately addressed to prevent future attacks. Lastly, they should understand the compliance and regulatory environment of the client organization.

Lock Down the Cloud—Analyze where the security risks are in the cloud service being utilized. Many strategies can be employed to combat the risks—encryption, real-time monitoring, identity access management, and managed detection and response (MDR).

Consider Platform Consolidation and Extended Detection and Response (XDR)—It is important to take a holistic, rather than a piecemeal approach to security. XDR provides the most comprehensive approach by integrating cybersecurity onto a single platform. This approach coordinates data across all the security protocols such as: e-mail, servers, networks, end-user devices, and cloud services. All these security interfaces are integrated into a single point of detection and analysis that provides maximum visibility, which enhances the accuracy of threat assessments and improves response time.[xx]

Consider Obtaining Cyber Risk Insurance—Many different insurance products are available to address the damage caused by cyberattacks. These policies usually provide coverage for investigative services, business interruption, and data recovery. They may also cover expenses such as legal fees and settlement costs associated with damages suffered by clients and business partners. Some also include public relations services to address reputational damages as well as forensic services to quantify the different types of damages.

Organizations must be proactive in their approach to cybersecurity and ensure that cybersecurity is a top priority by constantly training their workforce, reinforcing the importance of guarding data, investing in cybersecurity staff and technology, and continually assessing risk factors. Even small and mid-sized businesses must be concerned as a recent study reported that 43% of cyberattacks targeted smaller businesses. Unfortunately, this same study confirmed that approximately 60% of small and mid-sized businesses go out of business within six months of being hacked.[xxi]

The bottom line is the faster a breach is identified and mitigated, the less damage is done, which means the recovery will be quicker, less expensive, and with less disruption to the organization. It is predicted that by 2025, managed detection and response (MDR) systems will be in place in half of all organizations.[xxii]

 

 

[i]   Brooks, Chuck. “3 Key Cybersecurity Trends To Know For 2021 (and On …).” Forbes.com. (April 12, 2021).  https://www.forbes.com/sites/chuckbrooks/2021/04/12/3-key-cybersecurity-trends-to-know-for-2021-and-on-/?sh=6d4ba3ec4978

[ii] Chang, Jenny. “10 Cybersecurity Trends for 2021/2022: Latest Predictions You Should Know.” FinancesOnline.com. https://financesonline.com/cybersecurity-trends/

[iii] Lueth, Knud Lasse. “State of the IoT 2020: 12 Billion IoT Connections, Surpassing Non-IoT for the First Time.” IoT Analytics. (Nov. 19, 2020). https://iot-analytics.com/state-of-the-iot-2020-12-billion-iot-connections-surpassing-non-iot-for-the-first-time/

[iv] Ibid.

[v] Chang, Jenny. “10 Cybersecurity Trends for 2021/2022: Latest Predictions You Should Know.” FinancesOnline.com. https://financesonline.com/cybersecurity-trends/

[vi] Rials, William. “Top Cybersecurity Trends For 2021 and Beyond.” Homeland Security Affairs: Pracademic Affairs 1, Article 3. (May 2021). https://www.hsaj.org/articles/17153

[vii]        Chang, Jenny. “10 Cybersecurity Trends for 2021/2022: Latest Predictions You Should Know.” FinancesOnline.com. https://financesonline.com/cybersecurity-trends/

[viii]        Chourasia, Shreeya. “Top 14 Trends in Cybersecurity to Look Out for 2021.” Tech Research Online. https://techresearchonline.com/technology/it-security/cybersecurity/top-14-trends-in-cybersecurity-to-look-out-for-2021/#

[ix] Panda Security. “11 Emerging Cybersecurity Trends in 2021.”  https://www.pandasecurity.com/en/mediacenter/tips/cybersecurity-trends/

[x]    Lyngaas, Sean. “Russian Hackers behind SolarWinds Hack Are Trying to Infiltrate US and European Government Networks.” CNN.com. (October 6, 2021) https://www.cnn.com/2021/10/06/politics/russian-solarwinds-hackers-active/index.html

[xi]   Brooks, Chuck. “3 Key Cybersecurity Trends To Know For 2021 (and On …).” Forbes.com. (April 12, 2021).  https://www.forbes.com/sites/chuckbrooks/2021/04/12/3-key-cybersecurity-trends-to-know-for-2021-and-on-/?sh=6d4ba3ec4978

[xii]   Hiter, Shelby. “Top Emerging Cybersecurity Trends in 2021.” Datamation.com. https://www.datamation.com/security/cybersecurity-trends/

[xiii] Rials, William. “Top Cybersecurity Trends For 2021 and Beyond.” Homeland Security Affairs: Pracademic Affairs 1, Article 3. (May 2021). https://www.hsaj.org/articles/17153

[xiv] Karafiloski, Davor. “5 Trends Shaping the Cybersecurity Landscape in 2021.” Sumo Logic. https://www.sumologic.com/blog/5-trends-shaping-the-cyber-security-la/

[xv]   Cradlepoint. “ZTNA vs. VPN: How Zero Trust Network Access Impacts Enterprise Networking.” Cradlepoint Blog. https://cradlepoint.com/resources/blog/ztna-vs-vpn-how-zero-trust-network-access-impacts-enterprise-networking/

[xvi] CIOApplications. “Popular Trends in Cybersecurity.” https://www.cioapplications.com/news/popular-trends-in-cybersecurity-nid-8735.html

[xvii] Chourasia, Shreeya. “Top 14 Trends in Cybersecurity to Look Out for 2021.” Tech Research Online. https://techresearchonline.com/technology/it-security/cybersecurity/top-14-trends-in-cybersecurity-to-look-out-for-2021/#

[xviii]        Chang, Jenny. “10 Cybersecurity Trends for 2021/2022: Latest Predictions You Should Know.” FinancesOnline.com. https://financesonline.com/cybersecurity-trends/

[xix] CIOApplications. “Popular Trends in Cybersecurity.” https://www.cioapplications.com/news/popular-trends-in-cybersecurity-nid-8735.html

[xx]   Hiter, Shelby. “Top Emerging Cybersecurity Trends in 2021.” Datamation.com. https://www.datamation.com/security/cybersecurity-trends/

[xxi] Devolutions Inc. “Second Annual Cybersecurity Report from Devolutions Reveals Key Trends and Areas of Vulnerability for SMBs.” (Nov. 16, 2021). https://cybersecurity.init0.org/second-annual-cybersecurity-report-from-devolutions-reveals-key-trends-and-areas-of-vulnerability-for-smbs-globenewswire/

[xxii] Drolet, Michelle. “Five Key Cybersecurity Trends For 2021.” Forbes.com. (December 2021). https://www.forbes.com/sites/forbestechcouncil/2021/12/30/five-key-cybersecurity-trends-for-2021/?sh=1c64dc2a5035

---

Cathy Roper, CPA, ABV, CVA, CFE, CGMA, is an adjunct professor of accounting/forensic accounting at Webster University, a long-time financial professional, and has the rare distinction of being an Elijah Watt Sells medalist when she sat for the CPA exam. Her firm, Roper Consulting Group, is based in St. Louis and specializes in business valuations, lost profits, economic damages, and other types of forensic accounting services. She also partners with ARA Fraud and Forensics in the prevention and detection of business fraud and the quantification of resulting damages.

Ms. Roper can be contacted at (314) 835-7876 or by e-mail to cathy.roper.cpa@roperconsultinggroup.com.