From identity theft to formjacking and ransomware, the top 10 cyber crimes to be wary of during 2021
Online security market is forecast to reach $363.05bn in 2025, about 125% more than what was spent last year
The Covid-19 pandemic affected many businesses this year and led to mass lay-offs and budget cuts. However, cyber security was one of the few industries that remained largely immune to the downturn and it offered a good return on investment.
Vulnerability to cyber attacks increased as more people worked remotely and stayed online for longer hours.
The cyber security market is set to grow at an annual rate of 14.5 per cent over the next five years and is expected to be worth $363.05 billion by 2025, about 125 per cent more than what was spent last year, according to research consultancy Mordor Intelligence.
“We see more growth coming out of B2B [business-to-business] and industrial sectors ... especially because many businesses have moved online,” said Eugene Kaspersky, founder and chief executive of Moscow-based cyber security company Kaspersky.
“There is more demand for solutions that could help enterprises to control their entire systems remotely.”
Cyber crimes – that include data theft, extortion and the theft of identities and intellectual property – cost the world about $600bn a year, or 0.8 per cent of the global economy, according to a 2018 report by the Centre for Strategic and International Studies and software security company McAfee.
As we move into the post-Covid era, here are the top 10 cyber security trends for next year:
Lack of defence
Over the years, cyber criminals have become more “industrialised and organised to [become] more effective”, whereas the defenders have not evolved at the same pace, according to Matthew Gardiner, director of enterprise security campaigns at London-based security company Mimecast.
“Law enforcement is unable to keep up and bring the cyber criminals to justice for [several] reasons,” Mr Gardiner said. “It is like the defenders are defending against a series of penalty kicks, even though the people committing the penalties are taking the shots.”
More connected approach
A reliance on individual point security solutions to combat sophisticated threats or cyber attacks will be one of the biggest loose ends in 2021, industry experts said.
“While stand-alone solutions can address specific vectors of attack, cyber criminals will continue to be able to exploit the gaps between point solutions and take advantage of the lack of connectivity,” said Ajay Nawani, director of sales engineering for the Middle East and Africa at British security company Sophos.
“Organisations need a layered approach to security ... where products connect and share information.”
Rise of ransomware
The use of ransomware has increased and become more dangerous this year. It will continue its rapid rise next year and its variations will increase with the frequency of attacks.
“Organisations need to be prepared for a ransomware attack. They should establish secured backups that teams can revert to when necessary,” according to US cyber security company FireEye.
“Organisations are going to be targeted and they are going to be compromised, so it is crucial to have prevention and recovery strategies in place.”
Ransomware attacks involve threats to publish a victim’s data or confidential details if a ransom is not paid.
Pressure on healthcare systems
With a growing reliance on telemedicine, personally identifiable information, or PII, is being accessed from remote locations.
This information becomes more prone to attacks by hackers if not handled carefully. At the same time, vaccine-related data pertaining to trials and formulas is among the most sought-after intellectual property.
“The drive to get hold of it for financial or political gain is putting healthcare and biotech organisations under intense pressure from external threats and insider risk,” said Tom Kellermann, head of cyber security strategy at Massachusetts-based VMware Carbon Black.
However, the strain on healthcare cyber security is not going unheeded, Mr Kellermann said.
“We will see increased budgets in the sector to combat the growth in external threats,” he said.
Cloud security risk
Whether large or small, no organisation is immune to a cloud risk. Accurate tracking of cloud assets should be a priority for all businesses next year.
Traditionally, many companies have delayed the adoption of multi-factor authentication as they hastened their migration to cloud platforms. This could cause “irreversible damages”, experts said.
“Organisations need to strengthen the methods of accessing data,” said FireEye. “They should focus on employees’ identity and access management and revisit regularly to check who qualifies for privileged access.”
Defensive and offensive AI
Technology innovation is as relevant to attackers as it is to defenders. While artificial intelligence and machine learning have significant benefits, there could be drawbacks as well.
“The silver lining is that in 2021 defenders will begin to see significant AI and machine-learning advancements and their integration into the security stack,” said Mr Kellermann.
“As awareness of how attackers are using automation increases, we can expect defenders to fix the issue, maximising automation to spot malicious activity faster.”
3D printers challenging biometric security
3D printers went from niche machines that cost thousands of dollars to being cheaper than a video-game console. Easy availability and widespread usage of 3D printers, boosted by the Covid-19 pandemic, could pose a cyber security challenge.
“3D-printed fingerprints and faces that can pass biometric authenticators are not part of a sci-fi future,” said Jarrod Overson, director of engineering for Shape Security at technology company F5. He said they are right around the corner and “won’t require a high-quality scan of a victim, either.”
Formjacking to steal credit card details
Another significant threat is formjacking, where cyber criminals inject malicious code into a website to take over the functionality of the site’s form page.
The code is designed to steal credit card details and other personal information entered into payment forms on the checkout pages of shopping websites.
“Your transaction will go through but behind the scenes, your credit card information is being stolen by attackers ... and could potentially be sold on the dark web,” according to Unit 42, a global threat intelligence team at Santa Clara-based Palo Alto Networks. Consumers should make it a habit to check their credit card statements for any suspicious payments.
Rise in phishing attacks
Phishing typically comes in the form of fraudulent emails that are designed to obtain the personal information of victims, such as credit card details or sensitive data such as user names and passwords.
Tokyo-based cyber security company Trend Micro detected more than 41.2 million email threats in the GCC in the first half of this year. It also blocked 163,774 coronavirus-related threats and said 36,312 of them were spam delivered through email.
“The GCC’s high rates of cyber attacks across email show that cyber criminals are ramping up their exploits of the weak points in organisations’ end points, network and cloud ... especially with Covid-related threats,” said Moataz Bin Ali, vice president for the Mena region at Trend Micro.
Increased smartphone compromise
Mobile devices and operating systems will increasingly become the target of cyber criminals next year as business becomes more mobile and remote working persists.
“As employees use personal devices to review and share sensitive corporate information, these become an excellent point of ingress for attackers,” said Mr Kellermann.
He said combating these risks requires a combination of new mobile device policies and infrastructure designed to enable continued remote working.