Attackers are continuously adapting and disguising things to make them look acceptable, whether it is emails, text messages, fake news or social media scams. What threats does 2021 have in store for Small and Medium-sized Organisations? We explore the range that SMOs need to stay aware of.
This is edited content from Sarb Sembhi and co-host Nick Ioannou. Also in video and podcast media.
As we see out the end of 2020, which was a horrendous year for many Organisations in so many ways, 2021 looms with a string of high-profile hacks that have sent shockwaves throughout the industry. Not only are attackers getting used to the changes of the new normal, they have a lot more in store in response to the changing ways that we live and work from home. This affects all Organisations, not just Small Organisations.
Today, we look at some of those threats from four perspectives. Firstly, threats that will continue (as they have been successful for attackers). Secondly, older threats that are making a comeback. Thirdly, new and emerging threats. Finally, the others, which are a mixture.
Current threats that will continue
Things that work are less likely to change, especially for criminals. If they are making money, they want to continue using the same tried and tested approaches while keeping ahead of technology.
Where they make changes to existing approaches, we have included them in the New and Emerging Threats.
"... threats that will continue include ransomware, Managed Service Providers, supply chain and finally email-based threats."
Like it or not, ransomware is not going away. It is too profitable for the criminals, which means it will continue to evolve. Locking an organisation out of its data, though, is no longer enough to convince many of them to pay a ransom, so data is also stolen, with the threat of public disclosure and the resulting fallout used to further convince organisations to pay up quickly.
To fuel their list of attack targets, criminals are buying lists of compromised users and devices, making it easier for them to get a return on their investments. Further, criminals are getting very aggressive about getting payments, and Small Organisations may not know how to deal with such an aggressive situation. Basically, this means that no Small Organisation is likely to be immune from attack unless they have previously prepared for how they will deal with such attacks.
Managed Service Providers (MSPs)
MSPs have always been an attractive target to cybercriminals, and a compromised MSP could yield full remote access to potentially hundreds of victims, depending on the MSP’s client base. If the MSP also manages their clients’ data backups, it would be easy for the cybercriminals to steal the data and monetise it at a later date. Cybercriminals would also be able to quickly install ransomware on the MSP’s clients, and in many cases disable much of the security, due to having full administrator rights on the client’s network.
These attacks highlight the importance of selecting the right MSP. What matters is not just how secure they are, but also how they deal with such breaches when they are discovered and whether they respond quickly to help their customers. Their Incident Response capabilities are vital to protect their customers, so when choosing an MSP, check out their Incident Handling practices from a customer's perspective.
Supply chain compromise has always been an effective way of sidestepping the security and control processes of even the most secure of Organisations. By compromising the updates of a trusted service or piece of software by infiltrating the update servers of the vendors, additional functionality or installation steps can be added by cybercriminals. This can include swapping key library files for their own modified versions to introduce known vulnerabilities, as well as installing remote access trojans and other malware.
The most likely targets are those Organisations which have a product with updates and a large installation base. This may sometimes mean that the compromise of an up-and-coming product is not utilised until its market penetration is greater, so that the attackers gain the most. Many of these attacks are targeted, and the attackers are patient and willing to wait for bigger or greater prizes, as we have seen with the SolarWinds attack recently. Yes, we appreciate that it was a state-sponsored attack, but the point is that attackers will wait for big prizes.
Infographic images are copyright of Virtually Informed, and available to registered users for download during the publication week of the blog article together with other downloadable resources, including: all related infographics on this page, example policy templates, posters, screen savers and much more.
Actions and Activities
Later, in your Organisation:
- Complete Board level Policy Review
- Update Policy
- Present to the Board for Agreement
Images from https://www.pixabay.com.