ao link

You are viewing 1 of your 1 articles as an unregistered user

For unlimited access to our free content, please register or login.

Six charity cyber threat predictions for 2021

We take a look at what the cyber crime trends that will be on the rise in 2021, and what you can do to stop cyber criminals when they strike

Copy of 2021 security threats main.jpg
Six charity cyber threat predictions for 2021

Cyber criminals are nothing if not opportunists - exploiting any vulnerabilities they find in software, hardware, or even people’s good nature, to steal data, extract ransom payments, and cause disruption. 

 

There’s no reason to think that 2021 will be any different in that regard. But the methods that cyber criminals employ to compromise the cyber security of their victims are likely to become even more targeted and sophisticated.  

 

In 2020, cyber criminals were merciless in the way they exploited the COVID-19 pandemic to their advantage, and this is likely to continue in 2021 thanks to the many vulnerabilities that still remain in the way that staff work from home.  

 

But in 2021, cyber criminals are likely to take a new tack. With excitement around a COVID-19 vaccine exploding, they are sure to find ways to exploit this excitement, as well as finding new or improved ways to breach the cyber security of charities and other organisations. 

 

Here are six threats that are likely to define the cyber security landscape in 2021: 

 

 

 

1.) Vaccine related phishing attacks

 
Phishing is an extremely dangerous threat to charities of all sizes: According to the Verizon Data Breach Investigations Report 201994% of malware is delivered via phishing emails, and 32% of overall data security breaches involve phishing.  

 

In 2021, expect to see charity staff bombarded with phishing emails which purport to contain "important vaccination information", "your COVID-19 vaccination appointment" or other vaccine-related content which staff will naturally be tempted to open and read. These emails will probably include an attachment with purportedly contains information about making an appointment for vaccination, but which will actually contain malware such as ransomware.  

 

How to mitigate the threatThe best way to tackle the threat of phishing attacks is by training staff never to click on links or open attachments in emails that they are not expecting. Some organisations also use anti-phishing training software such as Cofense’s Phishme or Sophos Phish Threat. 

 


Related Articles

7 things you need for blended working7 things you need for blended working
A beginner's guide to cyber security termsA beginner's guide to cyber security terms
Now more than ever …. #CharityFraudOutNow more than ever …. #CharityFraudOut
What is two-factor authentication?What is two-factor authentication?

 

2.) AI-powered ransomwar 

 

Good endpoint security software from reputable vendors such as Bitdefender and Avast uses many different techniques to spot ransomware when it infects a machine and disables it so that it is unable to encrypt important data.  

 

But malware authors are getting increasingly sophisticated, and in 2021 the prediction is that a new generation of ransomware programs which use artificial intelligence and machine learning to try to evade detection will appear 

Endpoint security vendors will then have to adapt their software to deal with this new type of threat, and the cat and mouse battle between malware authors and endpoint security software vendors will continue. 

 

How to mitigate the threat: Ensure that you are running the most up-to-date version of your endpoint security software, and check that your data is backed up regularly. You can also use other cyber security software such as Trend Micro RansomBuster or CheckPoint’s ZoneAlarm Anti-Ransomware. 

 

 


 

3.) Cloud jacking  

 

The pandemic means that many charity staff are working from home, and will continue to do so forat the very least, the first part of 2021.  

 

Many organisations have coped with the move to home working by using cloud services – both cloud-based applications, and cloud-based data storage and file sharing facilities. Cyber criminals will be looking to exploit this opportunity by using key loggers and other malware to obtain the log in credentials (usually a username and password) to take over or "cloud jack" these accounts and access any confidential data they contain.  

 

How to mitigate the threat: Ensure that two factor authentication (2FA) is activated whenever possible to add an additional layer of security to your cloud accounts. 

 

 

 

 

4.) Fake social media accounts and disinformation   

 

The 2020 U.S. election has highlighted the power of disinformation, and itour prediction that in 2021, hackers will start further develop their use of this technique 

 

Expect cyber criminals to set up fake social media accounts that claim to be the official voice of charities, and then ask people to make donations to bank accounts which actually belong to the cyber criminals.  

 

They may also use the account to make statements or claims which are damaging to the charity they purport to represent, and then demand a payment to stop doing so 

 

How to mitigate the threat: Task at least one person at your charity with checking social media platforms every day for mentions of your charity. If any fake accounts are detected, report them immediately so that they can be taken down. 

 

 

 

5.) Spearphishing  

 

There is no getting around the fact the home workers are more vulnerable from a cyber security perspective than staff working in a charity office, protected by office-grade cyber security systems.  

 

And that means that in 2021 cyber criminals will continue to exploit this vulnerability by every means possible. Aside from phishing attacks, senior staff at large organisations including charities are likely to encounter "spearphishing" attacks.  

 

These involve phishing emails which have been targeted specifically for the individual concerned, using real information that the cyber criminals have collected  after many hours of research, so they may appear to come from someone known to the recipient 

 

How to mitigate the threat: Since spam filters are generally ineffective against spearphishing emails, potential victims of spearphishing should be given extra training on a regular basis to remind them how to avoid falling victim. They should also follow our tips to stay secure in the ’new normal’. 

 

 

 

 

6.) Evil twins and man in the middle attacks  

 

As lockdowns ease, many home workers are bound to be tempted to take their laptops out to work in coffee shops, pubs, and other locations which offer public Wi-Fi. In 2021cyber criminals are likely to set up so-called evil twins.  

 

These are Wi-Fi access points set up by the cyber criminal, which look like legitimate ones. When a home worker connects to an evil twin, the cyber criminal can intercept passwords and other confidential data before sending it on to its intended destination. This is known as a man-in-the-middle or MITM attack.  

 

How to mitigate the threatThe best way to keep data secure when using a Wi-Fi access point in a public place is to connect to the charity office using a remote access VPN which encrypts data so that it is unreadable even if it is intercepted. If you are not connecting to your charity office you can also use a standalone VPN product such as ExpressVPN or NordVPN 

More on this topic

Tech Review: Rev

Tech Review: Rev

Tech Review: ChatGPT

Tech Review: ChatGPT

Webinar: Artificial intelligence and digital inclusion

Join us on the 11th of April for our webinar with Dell we will explore how AI is already impacting people and communities, the meanings of AI safety and AI literacy, and how charitable organisations can take action on digital and AI inclusion.

 

 

Sign up here