Kaspersky’s top three cybersecurity predictions for 2021
Cybersecurity must adapt to counter new threats in a transformed world
Lehan van den Heever is an enterprise cybersecurity adviser for global cybersecurity company Kaspersky in Africa. Kaspersky provides general and specialised security solutions for all tiers of end users: from consumers to private companies and public institutions around the world.
2020 was a bumper year for cybercriminals, and this boom is expected to continue into 2021, says Van den Heever. The change in the digital security landscape was profound when the Covid pandemic hit. Its indirect effects include sales of virtual private network (VPN) services or digital communications tools such as Zoom going through the roof as people retreated into their homes. But, he warns, where the people go, so too do the opportunistic cybercriminals.
“The rapid, almost overnight change to working from home is probably what hit businesses the hardest from a cybersecurity point of view,” says Van den Heever. “Small and medium businesses were greatly affected, and many of them are still very vulnerable.”
Watch the video below:
“If you work from an office with an IT department and perhaps even a dedicated cybersecurity team, you should have a relatively tight hand on your security. The lockdowns and social distancing protocols, however, meant that everyone needed to access company resources from home, on whatever connectivity devices they had. This introduced new vulnerabilities and many more access points that could be exploited by cybercriminals.”
“Instead of ‘bring your own device’, these days it’s rather ‘bring your own office’. And most consumer routers used for work-from-home are set up with ease-of-use in mind, rather than security. This means that the attack surface has increased.”
“We have to start thinking of our users not as the weakest entry point in our security, but as the first line of defence. Many businesses have neglected that side of things, and we need to train users to be cyber-savvy.”
Pirates on the web
Drawing from extensive data and its own forecasting analysis, Kaspersky has identified three top cybersecurity predictions for 2021.
First, Van den Heever says, we can expect an increase in targeted attacks such as advanced persistent threat (APT) intrusions, hacking-for-hire threat actor groups and ransomware gangs, as well as attacks that are (a) more disruptive, and (b) exploit contemporary issues — such as the Covid-19 pandemic — to gain a foothold or find a chink in your armour.
Kaspersky research showed that activity by hackers-for-hire or cyber mercenaries increased during 2020, and that global APT groups have adapted their techniques and have “upgraded their toolset to continue stealing sensitive information”.
The threat on the doorstep
Though much of this type of activity is happening overseas, Kaspersky warns that African companies and cybersecurity providers can’t afford to be complacent about this. “We need to be aware and proactive,” says Van den Heever.
In fact, the economic damage of the Covid-19 pandemic means that countries across Africa and many other emerging markets will experience a rise in unemployment, and this often precipitates an increase in traditional crime. This is echoed in the cyber domain.
Though many companies are feeling the need to tighten their belts, Van den Heever says that cybersecurity such as insurance is not where you should be looking to cut corners. “Some may view it as a grudge purchase, but as with insurance, the better security you need, the more you can expect to pay,” he says.
This is partly because of the cost of advanced technologies — sophisticated solutions to counter sophisticated threats — but the brain-drain and lack of appropriate or sufficient skills in the field within these countries can worsen the problem.
Data at risk
Kaspersky’s third prediction for 2021 is that we will continue to have frequent and significant data breaches.
There is a lot of pressure to get back to “business as usual” and for staff to have “full systems” access remotely. But data breaches can happen when computer systems are left unpatched or improperly configured, which can happen at a corporate environment level or by your cloud hosting provider.
Van den Heever asks, “What is a breach worth to [your company]? If you had to lose your intellectual property or your databases or have customer data leaked, what would that mean for your business?”
During 2020 there were a number of significant and well-publicised data breaches, but there were likely to have been many more that didn’t hit the news, he says.
“You’ve probably already suffered an attack. If you ask your security teams, they’ll tell you about the attempts they see. Businesses will have to really start listening to their cybersecurity teams, and change their perception of security from a grudge purchase to an investment in the safety and continuity of their business.
“I’m a big believer in enablement, including training your IT security staff in digital forensics, malware analysis and reverse engineering.”
Batten down the hatches
“It’s going to get worse before it gets better. Hacking is becoming a viable income stream and career for some. We are seeing the outsourcing of coding, as well as resources and hackers for hire. We’re also seeing things such as machine-learning types of malware and phishing campaigns so sophisticated that even professionals can be fooled,” says Van den Heever.
Against a myriad threats, Van den Heever says, we need to take a layered approach to cybersecurity. “Start with your users, and get them all cyber-savvy. Check the boxes, and then invest in solutions equally as strong as the base development of malware right now — which means ‘learning capable’.”
He says: “Make sure that you do the basics really well. Like you would with your house, make sure all the doors are closed first before you focus on advanced technology. Then invest in quality security tools, and enable your IT and security teams.”
This article was paid for by Kaspersky.