2020 spawned a flurry of new cybercriminal activity, and it has continued into 2021. With a good deal of our workforce working remotely, cybercriminals see an opportunity which they are exploiting wildly. There are new threats on the horizon all the time, and it’s critical to know what tactics are being used so you can stay safe.
The top cyber threats to watch out for are:
1. Insider Data Breaches
According to Verizon, about 30% of data breaches occur because of employee negligence or accidental exposure. Typically, there is no malicious intent on the part of the staff member. However, a big issue is a lack of training about cybersecurity issues and how to address them.
However, a new breed of criminal is emerging where company agents are actually hackers in disguise. These employees get jobs with influential companies with the goal of infiltrating systems, exfiltrating data, or compromising systems.
To avoid any cybersecurity incidents, constantly monitor your network, look for any unauthorized devices or activity and draft strict policies about data access.
2. Cloud-Based Computing
Cloud-based computing has exploded. Most companies and individuals store volumes of data on cloud-based services like Google Drive, Apple iCloud, DropBox, and other public-facing resources. Most email is now cloud-based too. These shared resources are ripe for breaches, hacking, and scams.
Always keep your software and apps up to date. Be careful what information you store in the cloud and keep good backups in case of disaster.
3. IoT Device Security
Although computers and mobile devices are well-equipped with security and privacy provision, IoT devices like smart TVs, remotes, coffee makers, personal assistants, etc., may not be. These devices can be very vulnerable to drive-by and man-in-the-middle attacks.
The best way to protect Wi-Fi devices connected to your network is through a VPN router that masks your IP, protects your network, and ensures complete privacy for all your online activities.
4. Phishing Attacks
Most of us are no strangers to phishing attacks, but they are more popular now than ever before. Political and Covid-themed emails are sent out every day by hackers looking to gain a foothold into your life and your network. Be careful not to trust the sender of any email (verify who it really came from first) and never click links or download attachments in emails from strangers.
Malvertising is also on the rise and refers to malicious ads in search engines, social media, or websites. These ads include malware or ransomware, and some work even if you never click them. Legitimate websites can be compromised with drive-by malware that infects your device just by visiting it. A couple of types to watch out for are ads hawking fake apps for your mobile device and pop-ups saying your computer or browser has been infected and needs repair. These may appear to come from a legitimate technical support company or resource, but they are just fake ads.
Always keep good strong antivirus malware protection on your device and set your browser settings to maximum to keep you safe.
6. Targeted Ransomware Attacks
Ransomware is a huge problem for individuals and more so for corporations. Hackers typically target companies with deep pockets who have the funds to pay to restore their data or network and prevent the leak of information. However, that does not mean that small and medium-sized companies are any less at risk. The threat is always there; lock-down your network tight.
During 2020 we saw a lot of ransomware targeting medical facilities, government agencies, infrastructure organizations, education, and technology companies. The trend is continuing into 2021, with even more attacks reported daily.
7. Touchless Attacks
Some of the most hideous attacks never install anything on your device. Using a phishing email and social engineering, scammers may direct panicked users to a malicious URL that executes code or uses a resource built-into their device to copy data, steal information, or take control.
These types of attacks are referred to as living off the land (LOTL), and they too highlight the importance of never trusting unsolicited emails. Never click a link or download attachments from an email. Visit the website cleanly from a fresh browser instead.
8. Social Engineering/Social Media
Social engineering is a sly way to make a living. Scammers use all sorts of tactics to scare someone into acting (usually visiting a website, clicking a link, downloading something, or entering private information online). They may do this by getting a victim to trust that the email came from a reliable source like a boss, their bank, the government, or a tech support firm.
Some common themes are an alert that something is wrong with an account, credit card, password, or you may be in some trouble and must “act fast.” The implied urgency is to get victims to click without thinking about the dangers.
Always use common sense and be on the lookout and for cyber threats. They are all around us, and you must stay alert to stay safe and keep your identity and digital life intact.