2021 Cyber Threat Landscape

Cyber threats can be any event or action that triggers unwanted or unauthorized modification, disclosure of data, or the unavailability of that data. Many threats are well-known and easy to understand, and there are well-established techniques for protecting against them. It is essential to realize that the types of cyber threats that have existed for years are the same as those we are dealing with today. It is not that the threats have changed, but that the sheer number of threats and the evolving attack methods are the real issues facing MSPs in 2021.

You may not know you are being attacked or have been the victim of an attack -- until it is too late. Many attacks go unnoticed for long periods, especially if you, or your organization, are not actively looking for the evidence left behind from a cyber incident. No installation is an exception. Even small businesses, such as corner food stores and cafes, are prime targets for local attackers who notice details of an online retail computer system while in the store.

For 2021, the most common threat sources will be many of the usual suspects, such as the following:

Malware

Malware is short for malicious software. Ransomware is a type of malicious software designed to block access to a computer system until a sum of money is paid.

Insider Threat

An insider threat is a malicious threat to an organization that comes from people within the organization, such as employees, former employees, contractors or business associates, who have inside information concerning the organization’s security practices, data and computer systems. Insider threats also include unintentional threats like unauthorized or accidental modification of software.

Mobile and Remote Users

Authorized users granted the ability to access an organization’s non-public computing resources from locations other than the physical place of business may be exposed to additional threats of compromise while working from home or working remotely.

Web-Based Attack

Web-based attacks are browser-based threats that are designed to infect victims' computers while they innocently browse the web. Such threats are often delivered by a malicious ad or script originating from an unknown third party that provides a portion of the website's content.

Phishing

Phishing is the fraudulent attempt to obtain sensitive information or data, such as usernames, passwords and/or credit card information, by an attacker disguised as a trustworthy source in electronic communication.

Cloud

Cloud-based threats include:

  • Incorrect permissions to AWS S3 storage.
  • Inadequate access management.
  • Neglecting to deactivate cloud accounts after employees leave the business or change roles.

Natural Threats

Natural threats include floods, earthquakes, tornadoes, temperature extremes, hurricanes, and storms.

Social Engineering

Social engineering is a non-technical cyber-attack that relies heavily on human interaction and often involves tricking people into breaking standard security practices or tricking them into revealing passcodes or granting access to computer systems or services.

Vendor Threat

According to an Opus and Ponemon Institute study from 2018, 59% of companies have experienced a data breach caused by one of their vendors or third parties. A recent example of a third-party vendor threat was seen late in 2020 when software updates to a SolarWinds Orion product delivered malware to as many as 18,000 customers.

Threat protection for 2021

To prepare for 2021, identify and prioritize the threats that pertain to your day-to-day business operations. Consider all likely threat vectors and address security and threat potentials with respect to their probability and impact upon your organization and business operations. For example, viruses and malware may be more frequent; however, you may have already mitigated most of their impact and effect by adopting an endpoint protection solution. In comparison, a denial-of-service attack and a remote-control compromise may present more severe challenges to your business operations.

It is essential to prioritize, classify, and analyze your current and emerging security threats as they may impact your business operations. Doing so should enable you to better define the necessary risk-mitigating actions you will need to take.

Since you cannot manage what you cannot measure, you will also need to assess and develop performance metrics and/or scorecards that reflect your ability to defend against the recognized threat vectors. Remember, having metrics for metrics' sake is often a useless exercise full of meaningless data. You always want your metrics to provide business insight that allows for better decision making.

For a business to make security metrics useful in management terms, you must evolve from just gathering data to transforming information into knowledge. With such understanding comes the wisdom necessary to perform the analysis, diagnosis, and prognosis required to make appropriate business decisions.

Otherwise, senior leadership's interest will wax and wane, and the support you need from them to accomplish your organization's security strategy goals and objectives will falter.

Ryan Sill

Helping solve for challenges of the modern IT era

4y

Fantastic info, David. Thank you!
