5. Social engineering attacks are getting smarter
Social engineering attacks such as phishing are not new threats, but they are a growing concern among the increasingly remote workforce. Attackers target people who connect to their employer's network from home because they make easier targets. In addition to traditional phishing attacks against employees, there is also an increase in whaling attacks targeting executive management.
Thanks to the popularity of messaging apps like WhatsApp, Slack, Skype, Signal, WeChat, and others, SMS phishing, sometimes known as "smishing," is also on the rise. Attackers use these platforms to trick users into downloading malware onto their phones.
Another variation is voice phishing, also called "vishing," which became popular in 2020 with the Twitter hack. Hackers posing as IT employees called customer service representatives and tricked them into providing access to an important internal tool. Vishing has been used to target numerous companies, including financial institutions and large corporations.
There is also SIM jacking, where fraudsters contact representatives of a particular customer's mobile operator and convince them that the customer's SIM card has been compromised, making it necessary to transfer the phone number to another card. If the spoofing is successful, the cybercriminal gains access to the digital content of the target's phone.
Organizations are improving their phishing defenses, but criminals are always looking for new ways to stay ahead. This includes sophisticated phishing methods that target victims differently depending on their location.
6. Data privacy as a discipline
One of the major data security trends is the rise of data privacy as a discipline in its own right. A number of high-profile cyberattacks have resulted in the exposure of millions of personally identifiable information (PII) records. Combined with the introduction of stricter data laws around the world, such as the EU's GDPR, this means data privacy is increasingly being prioritized.
Organizations that fail to comply with regulations and consumer expectations risk fines, bad publicity and loss of consumer trust. Data privacy affects almost every aspect of an organization. As a result, organizations are placing greater emphasis on hiring data privacy officers and providing role-based access controls, multi-factor authentication, network segmentation and external assessments to identify areas for improvement.
7. Improvement of multi-factor authentication
Multi-factor authentication (MFA) is considered the gold standard of authentication. However, malicious actors are finding new ways to bypass it – in particular, authentication via SMS or phone calls. As a result, in 2020 Microsoft advised users to stop using phone-based MFA, instead recommending the use of app-based authenticators and security keys.
SMS has built-in security, but the messages sent, including those used for authentication, are not encrypted. This means that malicious actors can perform automated man-in-the-middle attacks to obtain one-time passcodes in plain text. This creates a vulnerability for activities such as online banking, where authentication is often done via SMS. Increasingly, we'll see banks and other organizations turn to app-based MFA such as Google Authenticator, Authy, and others to solve this problem.
8. The continued rise of artificial intelligence (AI)
The sheer volume of cyber security threats is too much for humans to handle alone. As a result, organizations are increasingly turning to artificial intelligence and machine learning to improve their security infrastructure. There are cost savings in doing so: organizations that suffered a data breach but fully implemented AI technology saved an average of $3.58 million in 2020.
Artificial intelligence has played an important role in building automated security systems, natural language processing, facial recognition and automatic threat detection. Artificial intelligence also enables faster analysis of large amounts of risk data. This is useful for both large companies that deal with large amounts of data, and small or medium-sized companies where security teams can be under-resourced.
While AI presents a significant opportunity for stronger threat detection among businesses, criminals are also using the technology to automate their attacks using a variety of methods.
Practical applications of AI are still evolving – we expect AI and machine learning-driven security tools to continue to grow in sophistication and capability.
9. Mobile cybersecurity at the forefront
The telecommuting trend is also accelerating the growth of mobile. It's common for remote workers to switch between a range of mobile devices, such as tablets and phones, using public Wi-Fi networks and remote collaboration tools. As a result, mobile threats continue to grow and evolve. The ongoing deployment of 5G technology also creates potential security vulnerabilities that need to be patched as they become known.
Mobile threats include:
Special spyware designed to spy on encrypted messaging apps.
Criminals exploiting critical security vulnerabilities in Android devices.
Mobile malware with a variety of possible application scenarios, from Distributed Denial of Service (DDoS) attacks to SMS spam and data theft.
Mobile cybersecurity is a broad topic that encompasses back-end/cloud security, network security, as well as the network of increasingly connected objects such as wearables and automotive devices (i.e., the Internet of Things). There is no single way to protect applications in secure environments; instead, it's about providing additional layers of security to increase the overall level of security. Security professionals combine mobile software security with hardware-based security solutions to strengthen the protection of sensitive data.
In this age of accelerated digital transformation, cybercriminals are constantly looking for new ways to target and harm individuals and organizations, which means cybersecurity issues continue to evolve.