There is a range of cybercrime threats to small businesses in 2021, especially with so many continuing to work remotely. Here are six cyber attack trends and predictions for this year and how small businesses can guard against them.
6 Predictions about cyber threats in 2021
Expected cyber threats for 2021:
- Enhanced ransomware attacks
- Supply chain attacks via cloud-based PaaS solutions
- The use of AI methods to develop more enhanced malware
- Parcel and shipping sectors
- Contact tracing apps
- Telehealth systems
We all know cybercrime is a looming threat for every business, from giant corporations to small businesses. In fact, small businesses may be even more vulnerable as they often lack the resources needed to provide adequate cybersecurity protection.
Experts predict that 2021 will bring new threats targeting sensitive data, intellectual property, and financial resources. Below we’ll take a look at some of the emerging threats, why they might be an issue, and steps you can take to protect your business.
Threat #1: More innovative extortion tactics by ransomware hackers
Cybercrime tactics involving ransomware were more aggressive than ever in 2020. In the upcoming year, we’re likely to see more sophisticated tactics. Experts predict an uptake in threats against third-party data, suppliers, and customers.
One prediction is that cyber thieves may target proprietary data that could then extend to vendors and partners. The most sophisticated criminals may have the ability to target an entire network of companies, striking all of them at once and demanding ever-increasing payouts in exchange for the “return” of control or data.
Mitigation strategies:
- Use patches to protect vulnerabilities
- Use two-factor authorization on all accounts, including admins and users
- Disable PowerShell on machines that aren’t used for day-to-day operations
- Have an aggressive onsite and offsite backup strategy for your data
- Develop ransomware playbooks and runbooks
- Implement regular exercises to test responses to cyber attacks
- Establish a program to identify suspicious behavior and potential hacks
- Engage an outside incident response firm
- Conduct a thorough review of your cyber insurance policy
Threat #2: Supply chain attacks via cloud-based solutions
Cloud-based development technologies like Platform-as-a-service (PaaS) solutions make communication across entire organizations easier than ever. However, these systems may be the next port of entry for cyber thieves. PaaS solutions could be used to attack supply chains and third-party organizations.
Mitigation strategies:
- Deploy Endpoint Detection & Response (EDR) tools to detect suspicious behavior
- Implement application allowlisting to limit application available
- Use code signing to secure software components (for software developers)
- Secure development environments with strict access controls and prompt deployment of patches (for software developers)
Treat #3: Intelligent cyber crime
Artificial intelligence (AI) has revolutionized the way services are delivered across industries. However, experts believe these systems are vulnerable to attacks. Cyber thieves could target machine learning (ML) methods used by different organizations, particularly when it comes to malware detection.
What does that mean?
AI has been used to develop more sophisticated malware detection systems, which prevent and mitigate attacks. Since the technology that detects threats has gotten better, threat actors are expected to use the same AI-enabled tools to develop more sophisticated malware systems. So in essence the same technology that’s being used to develop malware detection could be used to defeat those tools.
Mitigation strategies:
- Implement defense-in-depth strategies to disrupt attacks
- Build and train AI systems to be better at detecting attacks
- Treat AI models as proprietary intellectual property and protect it like you would any other intellectual property
- Consider using digital watermarking of trained AI models to prove ownership
Threat #4: Targeting parcel and shipping sectors
All those online purchases in 2020 have led to an explosion of infrastructure and operations within the companies that ship and deliver your products. Cyber thieves have definitely noticed and experts predict the systems used by those companies will become likely targets in 2021.
Bad actors could target both the shipping companies and their customers. They could also demand ransoms from shippers during critical periods.
Mitigation strategies:
- Increase monitoring during times of increased reliance on shipping services (like holidays)
- Keep up-to-date on strategic and geopolitical environments that might affect shipping and parcel services
- Educate your customers about the type of communications they can expect from your company
- Train employees about how and when to receive/open emails and how to spot phishing schemes
- Review your cybersecurity controls
Threat #5: Targeting contact tracing apps
COVID-19 contact tracing apps are meant to ensure safe environments for employees, customers, patients, and travel service operators, among others. However, these apps were not always developed with privacy and security in mind. This often leaves them vulnerable to hackers.
Threat actors could turn around and surveil users, install surveillance and backdoor tools to steal data, create fake outbreaks, spy on users, and even blackmail users.
Mitigation strategies:
- Use mobile device management (MDM) platforms to centralize control, access, and cybersecurity measures
- Use solutions (application containerization) that isolate company applications and data on employees’ personal devices
- Enhance security best practices on enterprise mobile devices
Threat #6: Telehealth services
The explosion of remote health services (telehealth/telemedicine/teletherapy) in 2020 offers ripe pickings for cyber thieves in 2021. Experts predict an increased emphasis on stealing patient data, fraud attempts, ransomware attacks that target health data, social engineering schemes, and targeting remote patient monitoring (RPM) devices.
Mitigation strategies for healthcare systems:
- Develop or refine cybersecurity strategies across the board
- Secure third-party vendor access and ensure compliance with all safety regulations
- Implement robust user authentication protocols
- Consider implementing remote management for mobile devices that access healthcare data
- Require patients to use specific apps with embedded security controls
- RPM devices should use unique passwords and authorized software updates (for users)
Protect your business from cyber attacks in 2021
The new year offers your business a fresh start. However, it also offers fresh opportunities for cyber thieves to target your data and systems for ransom. It’s essential that you remain up-to-date on emerging cybercrime threats and take steps to mitigate attacks. Plan your strategy now.
It’s also important to make sure you have adequate cyber liability insurance to protect your company if you ever experience a cybercrime, which is not uncommon. Avante Insurance has the best interests of your Tampa small business at heart when it comes to protecting your and your customers’ data.
We also take care of a wide range of commercial insurance needs, including:
- Commercial property
- General liability
- Commercial auto
- Workers’ compensation
- Professional liability
- Employment practices
- Commercial umbrella
Contact us to request a quote on cyber liability insurance. We will ensure you have the right coverage to protect the business you’ve worked so hard to grow.
This blog and website are made available by the publisher for educational and informational purposes only. It is not to be used as a substitute for competent insurance, legal, or tax advice from a licensed professional in your state.