EP 02: The Twenty-One Biggest Cybersecurity Threats, Trends, Predictions for 2021 – #2. Growing Cyber Attacks
The world is awash in cybersecurity attacks, and there seems to be no end in sight. What was once a rarity is now being accepted as commonplace in today’s world as data breaches just keep coming and coming, an almost one-way freight train that can’t be stopped. Think of the recent high-profile cyber-attacks and how devastating they’ve been – the Sony Pictures breach of 2014, Yahoo’s compromise of hundreds of millions of user accounts from 2012 to 2014, and to top it all off, Equifax, the company who makes a living reporting, securing, and monitoring credit files, and their massive – and no doubt embarrassing – data breach that occurred in 2017.
Keep in mind that not all cyber-attacks lead to data breaches – many times they do – but often the purpose of such an attack is to create chaos and confusion for the masses, disrupting services they heavily rely on.
As for 2020, the following high-profile cyber-attacks and data breaches either occurred or were reported on:
Landry’s Restaurants Brands: On January 2, 2020, dining conglomerate, Landry’s, announced a point-of-sale malware attack that targeted customers’ payment card data. The malicious code is expected to have picked up payment details from credit and debit cards swiped on Landry’s order entry systems between the period of March 13, 2019 and October 17, 2019. The stolen consumer data included credit and debit card numbers, expiration dates, verification codes, and cardholder names.
In February 2020, it was reported that cosmetic giant Estee Lauder had a non-password protected cloud database containing hundreds of millions of customer records and internal logs that became exposed online. It is estimated that a total of 440,336,852 individual data pieces were exposed, according to researcher Jeremiah Fowler at Security Discovery.
And a 2018 study by the Ponemon Institute, conducted in collaboration with Raytheon, highlighted the following issues relating to cybersecurity by the year 2021:
- A data breach from an unsecured Internet of Things (IoT) device in the workplace is predicted to be very likely over the next three years (i.e., 2021). 82% of respondents predict unsecured IoT devices will likely cause a data breach in their organizations with 80% saying that such a breach could be “catastrophic.”
- Breaches involving what the report called “high-value information” will have the greatest negative impact on organizations by 2021. According to the report, “Respondents were asked to rate cyber threats to their organizations from 1 = low risk to 5 = high risk. In 2018, only 22% of respondents say cyber warfare is a high risk, yet by 2021, 51% of respondents say it will be a high risk.”
The cold hard truth is that hackers are good at what they do, and getting better all the time.
Remember, they only have to be right once, whereas businesses have to be right every time when it comes to effective InfoSec and cybersecurity measures. That’s not a winning formula, and it’s exactly why breaches will continue in 2021, and why they’ll also grow in terms of occurrences and severity.
So, is all lost and can nothing be done against what seems to be an onslaught of never-ending cyber-attacks coming our way? Not so fast, and let’s not get down on ourselves. Yes, there are effective measures that can be used for pushing back on such attacks, but the bigger question is this: Are businesses truly prepared to face the music and invest in comprehensive InfoSec and cybersecurity resilience measures?
We can only hope.
Talk is cheap, as the old saying goes, but businesses will need to step up to the plate and hit a grand slam in terms of investing in information security strategies that work. This means acquiring proven security tools and solutions, hiring competent and well-qualified I.T. personnel, training employees on current and emerging security issues, and more. But more than anything, businesses need an about-face change when it comes to security. This is not a start and stop strategy, a one-and-done scenario that’s turned on and off like a light switch. This is about a true culture change whereby security is engrained into the mindset of the organization. Implementing information security the “right” way will have profound benefits for years to come, no question about it.
Businesses can spend all the money they want on industry-leading security tools and solutions, but without a “security first” mindset, one’s information security and cyber resilience programs are dead on arrival. I’ve heard countless stories of organizations investing heavily in high-priced network security tools, only to find these products sitting on standby gear as they’ve failed to be implemented at all. And with a tight labor market where well-qualified, highly-experienced security and compliance professionals are hard to come by, challenges will continue to mount for organizations.
Buying security products and doing nothing with them, well, that’s not security, that’s nothing but a waste of both time and money.
Changing the corporate culture is the very first – and most important – element when it comes to protecting organizational assets from growing cyber-attacks. Train your employees on emerging security issues, threats, trends, and best practices. Make security a priority with every new hire in terms of training. Bring in experts from the outside to help educate your employees. Do whatever you need to do to create a corporate culture that understands security and its overall importance.
To learn more about cybersecurity and how to protect your organization, visit charlesdenyer.com today and get access to a wide range of world-class resources on all things cyber. Additionally, my companies offer comprehensive cybersecurity, data privacy, and regulatory compliance services & solutions for businesses all across the globe. Book a call with me today at charlesdenyer.com/contact and let’s discuss your needs.