We take a look at the cyber crime trends that will be on the rise in 2021, and what you can do to stop cyber criminals when they strike
Cyber criminals are nothing if not opportunists - exploiting any vulnerabilities they find in software, hardware, or even people’s good nature, to steal data, extract ransom payments, and cause disruption.
There’s no reason to think that 2021 will be any different in that regard. But the methods that cyber criminals employ to compromise the cyber security of their victims are likely to become even more targeted and sophisticated.
In 2020, cyber criminals were merciless in the way they exploited the COVID-19 pandemic to their advantage, and this is likely to continue in 2021 thanks to the many vulnerabilities that still remain in the way that staff work from home.
But in 2021, cyber criminals are likely to take a new tack. With excitement around a COVID-19 vaccine exploding, they are sure to find ways to exploit this excitement, as well as finding new or improved ways to breach the cyber security of charities and other organisations.
Here are six threats that are likely to define the cyber security landscape in 2021:
Phishing is an extremely dangerous threat to charities of all sizes: according to the Verizon Data Breach Investigations Report 2019, 94% of malware is delivered via phishing emails, and 32% of overall data security breaches involve phishing.
In 2021, expect to see charity staff bombarded with phishing emails which purport to contain "important vaccination information", "your COVID-19 vaccination appointment" or other vaccine-related content which staff will naturally be tempted to open and read. These emails will probably include an attachment which purportedly contains information about making an appointment for vaccination, but which will actually contain malware such as ransomware.
How to mitigate the threat: The best way to tackle the threat of phishing attacks is by training staff never to click on links or open attachments in emails that they are not expecting. Some organisations also use anti-phishing training software such as Cofense’s PhishMe or Sophos Phish Threat.
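For charities with someone who looks after the mail system, the vaccine lure described above can also be triaged automatically. The following is an added example, not part of the original article: the organisation domain, lure terms, attachment types and sample messages are all constructed assumptions, and the From header it checks can be spoofed, so it supports staff training rather than replacing it.

```python
from email import message_from_string, policy
from email.message import EmailMessage
from email.utils import parseaddr

# Assumptions for illustration only (none of these come from the article).
ORG_DOMAIN = "examplecharity.org.uk"
LURE_TERMS = ("vaccine", "vaccination", "covid-19")
RISKY_EXTENSIONS = (".docm", ".xlsm", ".exe", ".js", ".iso", ".zip", ".html")

def triage(raw_message):
    """Return the reasons a message deserves a second look (empty list = none)."""
    msg = message_from_string(raw_message, policy=policy.default)
    reasons = []
    subject = str(msg.get("Subject", "")).lower()
    if any(term in subject for term in LURE_TERMS):
        reasons.append("vaccine-themed subject")
    # Header check only: a spoofed From can still claim the internal domain.
    sender = parseaddr(str(msg.get("From", "")))[1]
    sender_domain = sender.rpartition("@")[2].lower()
    if sender_domain != ORG_DOMAIN:
        reasons.append("external sender: " + (sender_domain or "unknown"))
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if name.endswith(RISKY_EXTENSIONS):
            reasons.append("risky attachment: " + name)
    return reasons

def needs_review(raw_message):
    """Hold a message when the lure theme coincides with another warning sign."""
    reasons = triage(raw_message)
    return "vaccine-themed subject" in reasons and len(reasons) > 1

def build_sample(sender, subject, attachment=None):
    """Build a constructed test message; the attachment bytes are a placeholder."""
    msg = EmailMessage()
    msg["From"] = sender
    msg["To"] = "staff@" + ORG_DOMAIN
    msg["Subject"] = subject
    msg.set_content("Please see the details.")
    if attachment:
        msg.add_attachment(b"constructed placeholder", maintype="application",
                           subtype="octet-stream", filename=attachment)
    return msg.as_string()

LURE = build_sample("Vaccine Bookings <appointments@vaccine-booking.example>",
                    "Your COVID-19 vaccination appointment", "appointment.docm")
INTERNAL = build_sample("HR <hr@examplecharity.org.uk>", "Vaccination policy update")
NEWSLETTER = build_sample("news@supplier.example", "January newsletter", "news.pdf")

if __name__ == "__main__":
    for label, raw in (("lure", LURE), ("internal", INTERNAL), ("newsletter", NEWSLETTER)):
        print(label, needs_review(raw), triage(raw))
```
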
Good endpoint security software from reputable vendors such as Bitdefender and Avast uses many different techniques to spot ransomware when it infects a machine and disable it so that it is unable to encrypt important data.
But malware authors are getting increasingly sophisticated, and in 2021 the prediction is that a new generation of ransomware programs will appear which use artificial intelligence and machine learning to try to evade detection.
Endpoint security vendors will then have to adapt their software to deal with this new type of threat, and the cat and mouse battle between malware authors and endpoint security software vendors will continue.
How to mitigate the threat: Ensure that you are running the most up-to-date version of your endpoint security software, and check that your data is backed up regularly. You can also use other cyber security software such as Trend Micro RansomBuster or Check Point’s ZoneAlarm Anti-Ransomware.
The pandemic means that many charity staff are working from home, and will continue to do so for, at the very least, the first part of 2021.
Many organisations have coped with the move to home working by using cloud services – both cloud-based applications, and cloud-based data storage and file sharing facilities. Cyber criminals will be looking to exploit this opportunity by using key loggers and other malware to obtain the login credentials (usually a username and password) to take over or "cloud jack" these accounts and access any confidential data they contain.
How to mitigate the threat: Ensure that two-factor authentication (2FA) is activated whenever possible to add an additional layer of security to your cloud accounts.
The 2020 U.S. election has highlighted the power of disinformation, and it’s our prediction that in 2021, hackers will further develop their use of this technique.
Expect cyber criminals to set up fake social media accounts that claim to be the official voice of charities, and then ask people to make donations to bank accounts which actually belong to the cyber criminals.
They may also use the account to make statements or claims which are damaging to the charity they purport to represent, and then demand a payment to stop doing so.
How to mitigate the threat: Task at least one person at your charity with checking social media platforms every day for mentions of your charity. If any fake accounts are detected, report them immediately so that they can be taken down.
There is no getting around the fact that home workers are more vulnerable from a cyber security perspective than staff working in a charity office, protected by office-grade cyber security systems.
And that means that in 2021 cyber criminals will continue to exploit this vulnerability by every means possible. Aside from phishing attacks, senior staff at large organisations including charities are likely to encounter "spearphishing" attacks.
These involve phishing emails which have been targeted specifically for the individual concerned, using real information that the cyber criminals have collected after many hours of research, so they may appear to come from someone known to the recipient.
How to mitigate the threat: Since spam filters are generally ineffective against spearphishing emails, potential victims of spearphishing should be given extra training on a regular basis to remind them how to avoid falling victim. They should also follow our tips to stay secure in the ‘new normal’.
As lockdowns ease, many home workers are bound to be tempted to take their laptops out to work in coffee shops, pubs, and other locations which offer public Wi-Fi. In 2021, cyber criminals are likely to set up so-called evil twins.
These are Wi-Fi access points set up by the cyber criminal, which look like legitimate ones. When a home worker connects to an evil twin, the cyber criminal can intercept passwords and other confidential data before sending it on to its intended destination. This is known as a man-in-the-middle or MITM attack.
How to mitigate the threat: The best way to keep data secure when using a Wi-Fi access point in a public place is to connect to the charity office using a remote access VPN which encrypts data so that it is unreadable even if it is intercepted. If you are not connecting to your charity office you can also use a standalone VPN product such as ExpressVPN or NordVPN.