As per the World Economic Forum’s Global Risks Report 2021, cyber risks were ranked as a top world threat alongside the pandemic, climate change, and debt crises. With three months of 2021 behind us, how is this year’s cyber risk landscape shaping up? Not surprisingly, new ransomware attack vectors, global data security initiatives and more scams related to COVID are topping the list.
Ransomware Rages On
The popularity of ransomware has skyrocketed in recent years, and it’s showing no signs of slowing. Currently the most popular malware in the world is Emotet, a widely used loader for ransomware. In 2020, 28% of businesses fell victim to ransomware attacks, found one survey — and a whopping 75% of those victims paid off their attackers to regain access to their data.
2021 isn’t shaping up to be much better, with several high-profile ransomware attacks in just March, including insurance giant CNA on March 21st and IoT device manufacturer, Sierra Wireless, on March 20th. More disturbingly, a new type of ransomware that is a variant of Hades is going after “big game” in the U.S. – companies with over $1 billion in annual revenue.
Even if an organization can restore their data with a back-up, malicious actors can still find sensitive data such as clear-text information or financial data, which they can leverage to force companies to pay a ransom. 2021 is demonstrating how crucial it is to protect sensitive data with tokenization and point-to-point encryption (P2PE) solutions to minimize damage from ransomware attacks.
International Affairs Take the Data Security Spotlight
The 2020 cyberattack on SolarWinds, the IT provider for several key U.S. federal offices, put the spotlight on data security as it pertains to international affairs and national security. And government entities aren’t the only targets for foreign threats. In 2020, the Department of Justice revealed that the massive Equifax breach of 2017 was a state-funded attack executed by four members of the People’s Liberation Army of China.
One of the big changes so far in 2021 as a result of these types of attacks is the potential introduction of new federal regulations around when and how technology companies report data breach incidents.
Foreign actors interested in swiping citizens’ data will target any source that stores it — government or not — which is why having a robust and holistic defense-in-depth security strategy is essential for organizations in 2021 and beyond.
Healthcare Takes More Hits
Healthcare providers are treasure troves of valuable data for hackers, which is why it’s one of the most targeted industries for cyberattacks in the United States. Add the rush to vaccinate billions of people against COVID19 to the mix, and you’ve got a recipe for a data security disaster.
In January, IBM reported a suspected foreign hacking group attack on the vaccine supply chain — specifically the cold chain, which is used to keep doses at the correct temperature. Phishing campaigns, robocalls and even text messages have also dogged people waiting for a vaccine spot to open up.
As of March 29, 2021, just 15.5% of the U.S. population had been vaccinated, so cybersecurity experts expect the threat of vaccine scams to continue for the foreseeable future.
Remote Work Remains a Vulnerability
Last year, COVID-19 forced more businesses than ever to shift to remote work. It’s no surprise, then, that IT security managers reported that their top concern in 2021 is limited security for remote workers.
The quick transition from office life to working from home meant organizations had virtually no time to ensure that employees’ digital environmentals were adequately secured. Outside of the safety of their company’s secured network, employees become easy targets for bad actors. Even trusted messaging apps like Microsoft Teams and Slack can, and have been, infiltrated by hackers looking for valuable log-in credentials. Many experts suggest using a zero-trust architecture to secure remote work, although even this may not be foolproof. One thing is clear: with more companies planning to continue a remote work environment in 2021, data security needs are increasing.
Protect Your Data This Year
No matter what sector your organization is in, 2021 is predicted to be a rollercoaster year for data security. If you’re looking to double-down on your security strategy, we’re here to help. Bluefin specializes in PCI-validated P2PE and our ShieldConex® tokenization platform to secure sensitive data both at the point of sale and online.
Contact Bluefin today to find out more about our payment and data security solutions.