purplesec.us
2606:4700:20::681a:f65  Public Scan

Submitted URL: https://portnox.orvenus.com/api/mailings/click/PMRGSZBCHI2DKNRUGAWCE5LSNQRDUITIOR2HA4Z2F4XXA5LSOBWGK43FMMXHK4ZPMN4WEZLSFVZWK...
Effective URL: https://purplesec.us/cyber-security-trends-2021/
Submission Tags: falconsandbox
Submission: On March 20 via api from US — Scanned from DE

Form analysis 3 forms found in the DOM

POST https://purplesec.us/wp-comments-post.php?wpe-comment-post=purplesecllc

<form action="https://purplesec.us/wp-comments-post.php?wpe-comment-post=purplesecllc" method="post" id="commentform" class="comment-form"><span class="qodef-input-title">Comment</span><textarea id="comment" placeholder="Write your comment here..."
    name="comment" cols="45" rows="8" aria-required="true"></textarea>
  <div class="qodef-three-columns clearfix">
    <div class="qodef-three-columns-inner">
      <div class="qodef-column">
        <div class="qodef-column-inner"><span class="qodef-input-title">Name</span><input id="author" name="author" placeholder="Your full name" type="text" value="" aria-required="true"></div>
      </div>
      <div class="qodef-column">
        <div class="qodef-column-inner"><span class="qodef-input-title">Email</span><input id="email" name="email" placeholder="E-mail address" type="text" value="" aria-required="true"></div>
      </div>
      <div class="qodef-column">
        <div class="qodef-column-inner"><span class="qodef-input-title">Website</span><input id="url" name="url" type="text" placeholder="Website" value=""></div>
      </div>
    </div>
  </div>
  <p class="comment-form-cookies-consent"><input id="wp-comment-cookies-consent" name="wp-comment-cookies-consent" type="checkbox" value="yes"><label for="wp-comment-cookies-consent">Save my name, email, and website in this browser for the next time
      I comment.</label></p>
  <div class="c4wp_captcha_field" style="margin-bottom: 10px;">
    <div id="c4wp_captcha_field_1" class="c4wp_captcha_field_div rendered">
      <div style="width: 304px; height: 78px;">
        <div><iframe title="reCAPTCHA"
            src="https://www.google.com/recaptcha/api2/anchor?ar=1&amp;k=6LfivbcUAAAAANih176PLecWC6w7k6QLawAQbODE&amp;co=aHR0cHM6Ly9wdXJwbGVzZWMudXM6NDQz&amp;hl=en&amp;v=Trd6gj1dhC_fx0ma_AWHc1me&amp;theme=light&amp;size=normal&amp;cb=f32vewynaa37"
            width="304" height="78" role="presentation" name="a-gkingzkdcylj" frameborder="0" scrolling="no" sandbox="allow-forms allow-popups allow-same-origin allow-scripts allow-top-navigation allow-modals allow-popups-to-escape-sandbox"></iframe>
        </div><textarea id="g-recaptcha-response" name="g-recaptcha-response" class="g-recaptcha-response"
          style="width: 250px; height: 40px; border: 1px solid rgb(193, 193, 193); margin: 10px 25px; padding: 0px; resize: none; display: none;"></textarea>
      </div><iframe style="display: none;"></iframe>
    </div>
  </div>
  <p class="form-submit"><input name="submit" type="submit" id="submit_comment" class="submit" value="Send message"> <input type="hidden" name="comment_post_ID" value="7010" id="comment_post_ID">
    <input type="hidden" name="comment_parent" id="comment_parent" value="0">
  </p>
</form>

GET https://purplesec.us/

<form role="search" method="get" id="searchform" action="https://purplesec.us/">
  <div><label class="screen-reader-text" for="s">Search for:</label>
    <input class=" no-livesearch" type="text" value="" placeholder="Search" name="s" id="s">
    <i class="ion-ios-search-strong"></i>
  </div>
</form>

POST /cyber-security-trends-2021/#wpcf7-f616-o1

<form action="/cyber-security-trends-2021/#wpcf7-f616-o1" method="post" class="wpcf7-form cf7-style init" aria-label="Contact form" novalidate="novalidate" data-status="init">
  <div style="display: none;">
    <input type="hidden" name="_wpcf7" value="616">
    <input type="hidden" name="_wpcf7_version" value="5.7.4">
    <input type="hidden" name="_wpcf7_locale" value="">
    <input type="hidden" name="_wpcf7_unit_tag" value="wpcf7-f616-o1">
    <input type="hidden" name="_wpcf7_container_post" value="0">
    <input type="hidden" name="_wpcf7_posted_data_hash" value="">
  </div>
  <div class="qodef-two-columns-50-50">
    <div class="qodef-two-columns-50-50-inner">
      <div class="qodef-column">
        <div class="qodef-column-inner">
          <p><span class="qodef-input-title">Name</span><br>
            <span class="wpcf7-form-control-wrap" data-name="your-name"><input size="40" class="wpcf7-form-control wpcf7-text wpcf7-validates-as-required" aria-required="true" aria-invalid="false" value="" type="text" name="your-name"></span>
          </p>
        </div>
      </div>
      <div class="qodef-column">
        <div class="qodef-column-inner">
          <p><span class="qodef-input-title">Email</span><br>
            <span class="wpcf7-form-control-wrap" data-name="your-email"><input size="40" class="wpcf7-form-control wpcf7-text wpcf7-email wpcf7-validates-as-required wpcf7-validates-as-email" aria-required="true" aria-invalid="false" value=""
                type="email" name="your-email"></span>
          </p>
        </div>
      </div>
    </div>
  </div>
  <div>
    <p><span class="qodef-input-title">Subject</span><br>
      <span class="wpcf7-form-control-wrap" data-name="your-subject"><input size="40" class="wpcf7-form-control wpcf7-text wpcf7-validates-as-required" aria-required="true" aria-invalid="false" value="" type="text" name="your-subject"></span>
    </p>
  </div>
  <div>
    <p><span class="qodef-input-title">Message</span><br>
      <span class="wpcf7-form-control-wrap" data-name="your-message"><textarea cols="40" rows="10" class="wpcf7-form-control wpcf7-textarea" aria-invalid="false" name="your-message"></textarea></span>
    </p>
  </div>
  <div>
    <p><input class="wpcf7-form-control has-spinner wpcf7-submit" type="submit" value="Send message"><span class="wpcf7-spinner"></span>
    </p>
  </div><input type="hidden" class="wpcf7-pum" value="{&quot;closepopup&quot;:false,&quot;closedelay&quot;:0,&quot;openpopup&quot;:false,&quot;openpopup_id&quot;:0}">
  <div class="wpcf7-response-output" aria-hidden="true"></div>
  <input type="hidden" name="pum_form_popup_id" value="6465">
</form>

Text Content

29 Apr


10 CYBER SECURITY TRENDS YOU CAN’T IGNORE IN 2021

by Jason Firch, MBA
Reviewed by Josh Allen
in Cyber Security

In this article, we offer our perspective on the top 10 cyber security trends in
2021.

 

Our team of IT security experts has spent hundreds of hours researching and
analyzing the emerging threat landscape in 2020 to bring forward these
predictions.

 

The purpose is to explain how these threats impact businesses and individuals
alike while delivering actionable steps you can take to be more secure.

 







 


OUR 2021 CYBER SECURITY PREDICTIONS

 

 1.  Lockdowns Permanently Change How We Conduct Business
 2.  Patch Management Will Become A Top Priority For The C-Suite
 3.  Ransomware Will Continue To Be The #1 Threat
 4.  Supply Chain Attacks Will Grow And Be More Targeted
 5.  CMMC Will Set The Tone For Enforcing Security Standards
 6.  Security Operations Center (SOC) Services Will Grow
 7.  Multi-Factor Authentication Use Will Evolve
 8.  The Cold War Of Cyber Security Is Here And Will Heat Up
 9.  Mining, Transportation, Construction, And Energy Are Prime Targets
 10. Drive-By Wireless Attacks Will Impact Remote Workers

 



 


1. LOCKDOWNS PERMANENTLY CHANGE HOW WE CONDUCT BUSINESS

 

As businesses have shifted their workforce to flex models or full-time work from
home models, so have the attack surfaces. Threat actors take advantage of current
events and changing circumstances to exploit those who are most susceptible.

 

By now you’ve likely come across an email, phone, or text message scam related
to Covid-19. Or, charities that claim to be assisting front-line workers. Worse
yet, those who pretend to sell protective equipment, hand sanitizer, or food.

 

In fact, cybercrime as a whole has increased by 600% since the beginning of the
global pandemic.

 



 

As the world continues to wait for the future of the virus and lockdowns there’s
one thing that’s certain – cybercrime will only continue to increase in 2021.

 

Lockdowns have permanently changed everything about how we conduct business.

 

The obvious benefits of reducing capital expenditures aside – productivity
increased by 47% YoY despite work from home culture.

 

Further, states like Florida and Texas are attracting the largest companies and
talent away from New York and California. The flexibility provided by working
from home enables corporations to make these structural changes within their
business operations.

 

One of the leading voices in this movement is the software giant, Salesforce. In
a recent announcement, the company said they are looking to permanently reduce
their office footprint.

 

Bottom line: Companies that do not require office space to be productive will
never fully go back to an office setting. As a result, security needs to be a
discussion when developing work from home policies.

 

While countermeasures exist to safeguard employees working from home – they’re
not infallible.

 



 

After all, it only takes one click to compromise an entire network. Continued
diligence from users and investments from key stakeholders to foster a truly
secure environment will be a required part of doing business in 2021.

 

Gone are the days of checking off a box for the sake of compliance. Or, assuming
that industry average risk ratings are good enough. This is exactly the type of
mindset threat actors are searching for when selecting their next target.

 

Dive Deeper:

 

 * How To Prevent The Top Cyber Attacks In 2021
 * Recent Cyber Security Attacks & Breaches
 * 2021 Cyber Security Statistics
 * 2021 Ransomware Statistics, Data, & Trends
 * 19 Healthcare Cyber Security Statistics To Know In 2021

 


2. PATCH MANAGEMENT WILL BECOME A TOP PRIORITY FOR THE C-SUITE

 

One of the main points of entry used by threat actors is unpatched
vulnerabilities within systems. According to one survey from the Ponemon
Institute, 60% of breaches in 2019 involved unpatched vulnerabilities.

 

As a result, patch management services have quickly become a topic of discussion
in the C-Suite.




In short, patch management is a continuous process of identifying, prioritizing,
remediating, and reporting on security vulnerabilities in systems. This is
particularly important if your organization has a need to burn down a backlog of
vulnerable systems.

 

The goal of a patch management program is to ensure good patching policies are
being implemented company-wide.

 

Businesses will be turning to managed security service providers as a
cost-effective way to get a better handle on vulnerable systems in order to
reduce risk. Many vendors are able to provide this service without the need to
install expensive third-party tools while also saving internal resources'
time.

 



 

In addition, look for a vendor who works with you to create standardization
around your patch management program. This ensures predictable and repeatable
processes can be followed thereby minimizing the amount of time required to
maintain the program.

 

Dive Deeper:

 

 * How To Perform A Successful Network Security Vulnerability Assessment
 * How Often Should You Perform A Network Vulnerability Scan?
 * Internal VS External Vulnerability Scans: What’s The Main Difference?
 * 14 Essential Network Security Policies Templates You Need
 * Network Security Types: Expert Explains The Basics Of Cyber Security

 


3. RANSOMWARE WILL CONTINUE TO BE THE #1 THREAT

 



Ransomware is a type of malware that denies users and system administrators
access to files or entire networks. Once the malware infects systems, threat
actors will send a ransom note typically demanding payment in Bitcoin.

 

Ransomware made history in 2020 contributing to the first reported death related
to a cyber attack.

 

In this case, a hospital in Germany was locked out of their systems and unable
to treat patients. A woman in need of urgent care was rerouted to a neighboring
hospital 20 miles away but did not survive.

 

Unfortunately, industry trends don’t look hopeful.

 

In a survey of 582 information security professionals, 50% say they do not
believe their organization is prepared to repel a ransomware attack.

 

Adding to this, 75% of companies infected with ransomware were running
up-to-date endpoint protection.

 







 

This method of attack is extremely lucrative for threat actors as sophisticated
ransomware kits are widely available on the dark web.

 

Healthcare providers are one of the hardest hit and most vulnerable industries
for two reasons:

 

 1. Personal Health Information (PHI) can sell for hundreds of dollars per
    record and is often resold to multiple threat actors.
 2. Security of health systems is typically driven by compliance and not by
    proper security hygiene.

 

For example, running vulnerability scans will report on Critical, High, Medium,
or Low vulnerabilities. While the Critical to High vulnerabilities are often
prioritized it’s actually the Medium or Low vulnerabilities that can place you
at risk.

 



 

Overlooking these vulnerabilities on say a printer, medical equipment, or other
connected devices is what enables threat actors to gain entry into your network.

 

As we look forward to 2021 we do not see any signs of ransomware slowing down.
In fact, we expect new targeted variants to be developed with the goal of
infecting specific industries: Education, Mining, Transportation, and Energy, to
name a few.

 

Dive Deeper:

 

 * How To Prevent Ransomware Attacks: An Expert Guide
 * How To Perform A Successful HIPAA Risk Assessment

 


4. SUPPLY CHAIN ATTACKS WILL GROW AND BE MORE TARGETED

 

The recent compromise of SolarWinds’ Orion platform has brought global attention
to the need for businesses to make cyber security a top priority in 2021.

 

In this case, a sophisticated supply chain attack impacted over 18,000 customers
including Fortune 500 companies and government agencies.

 







 

We will explore this further in the article, but in short, threat actors search
for targets that can be easily compromised and that have a significant monetary
value. Attacking a supplier to gain entry to larger organizations is one way to
bypass their sophisticated security controls.



 

According to a report from VMware, 50% of cyber attacks today not only target a
network, but also those connected via a supply chain. Further, in 2018, supply
chain attacks increased by 78%.

 

A 2020 report conducted by Sonatype also found that supply chain attacks on
open-source software surged by 430%.

 

With this type of attack, it doesn’t matter how robust your security program is
if your vendor has been compromised.

 

Once threat actors have a foothold in your network, they will attempt to move
laterally to escalate their privileges and gain control over your systems. Or,
they’ll lie dormant for months to years at a time collecting and exfiltrating
data.

 

As we look forward we see supply chain attacks continuing to pose a significant
threat to organizations. One way to mitigate these attacks is by implementing
Zero Trust Architecture.

 

Learn More: 5 Proven Small Business Network Security Tips

 


5. CMMC WILL SET THE TONE FOR ENFORCING SECURITY STANDARDS

 

The Cybersecurity Maturity Model Certification (CMMC) has been a compliance
standard long in the making. Built off DFARS and the NIST 800-171 framework,
CMMC will require DoD suppliers to meet and maintain a number of security
controls depending on the type of data they have access to or store.

 

The threat of losing government contracts is a surefire way to enforce
compliance.

 



 

In recent months, new standards have been brought forward requiring
organizations to also prove that they’re working towards CMMC. This is because
businesses were not being honest in their adoption of these security best
practices.

 

From a business perspective, who can blame them? In some industries, the margins
are so thin as is that they can’t afford the investment even if they wanted to.
States, like Maryland, are trying to help by providing a $2,500 reimbursement
for a NIST 800-171 Gap Analysis.

 



 

However, this figure doesn’t come close to covering the costs associated with
performing the analysis, let alone implementing and maintaining the required
security controls.

 

While it is unfortunate that businesses have to be forced to meet certification
standards, it does promote a more secure environment. It’s our prediction that
CMMC is only the stepping stone towards a more unified security standard in the
United States.

 

Learn More: Understanding NIST 800-171 Incident Reporting Compliance
Requirements

 


6. SECURITY OPERATIONS CENTER (SOC) SERVICES WILL GROW

 

Security Operations Centers (SOC) provide real-time monitoring, detection, and
response in order to mitigate or prevent cyber attacks when they occur. The
benefits gained from a SOC are what provide organizations with a holistic
approach to security.

 







 

This is done by centralizing the display of assets, collaborating across
departments and functions, and ultimately maximizing awareness to minimize costs.

 

SOCs are more accessible today than they were in the past, partly due to the
meteoric rise of cloud services. Another reason for its growth has been the
constant drive to push security down to smaller business models.

 

Small and mid-sized organizations are investing in the SOC as a service model
because it’s less expensive to pay a predictable monthly subscription
than it is to hire and maintain an internal department.

 

In contrast, it often makes more sense for enterprises to build their own
internal SOC.

 

As a result, the SOC as a service market is projected to grow to $1.6 billion by
2025 from $471 million in 2020.

 



 

We believe that the work from home and BYOD culture has accelerated this trend
in 2020 and will continue to grow YoY. In addition, security frameworks and
compliance, such as CMMC, require the implementation of a SIEM and IDS/IPS.

 

As mentioned, the talent, toolsets, and program management required to run a
successful SOC are simply out of reach for most small and mid-sized
organizations.

 

Dive Deeper:

 

 * 7 Data Loss Prevention Best Practices & Strategies
 * What Is The Difference Between IDS And IPS?
 * The Best Data Loss Prevention Software (An Expert Review)
 * What Is A SIEM Solution? Benefits, Tools, & Strategies

 


7. MULTI-FACTOR AUTHENTICATION USE WILL EVOLVE

 

When it comes to authentication, multi-factor authentication (MFA) is often seen
as the gold standard. However, we’ve covered several stories this year in our
Weekly Ingest series of how threat actors are bypassing the methods used to
authenticate.

 

More specifically, any authentication done through SMS or phone calls.

 

For example, in early November Microsoft urged users to stop using phone-based
MFA and instead recommended using app-based authenticators and security keys.

 







 

While SMS does have some security built-in, the messages sent are not encrypted.
This means threat actors can perform an automated man-in-the-middle attack to
grab the one-time passcode in plain text.

 

Online banking is one of the most at-risk industries as authentication is
typically done through SMS. In a recent report, a massive banking fraud
operation was exposed which compromised 16,000 devices causing over $10 million
in damages.

 

Given this risk, organizations will begin to turn towards application-based MFA
wherever possible such as Google Authenticator. We also highly recommend using a
hardware MFA like YubiKey.

 

Learn More: Bypassing MFA & Web Application Security Threats In Retail

 


8. THE COLD WAR OF CYBER SECURITY IS HERE AND WILL HEAT UP

 

The massive data breach of the federal government and private sector that began
as early as March 2020 is only the beginning. The Cold War of cyber security was
already among us; however, this has set the stage for something far greater.

 







 

This recent compromise has widespread implications that, at this point in time,
can only be speculated on. In truth, it will take years to uncover the true
impact of this attack, who was responsible, what systems were compromised, and
what data was accessed/exfiltrated.

 

What we do know is that US government agencies were targeted along with many
Fortune 500 companies using the monitoring platform, SolarWinds. It’s likely
that in 2021 significant investments will be made into aging government IT
systems and that some sort of retaliation will take place.

 







 

Countries such as China have begun to retrain their army in cyber security
schools with plans to become the world’s leader by 2027. Meanwhile, the deficit
of trained security professionals in the US has been noted by top officials at
the Department of Homeland Security as a national security risk.

 

Recently, Great Britain’s Prime Minister Boris Johnson held a virtual event
expressing the need to boost the country’s cyber attack capacity.

 

Key points of our infrastructure such as the electric grid and
telecommunications are also highly susceptible to the threat of an attack. With
a click of a button, an entire country could be sent to the stone age from
thousands of miles away.

 

As cyber warfare continues to heat up it’s clear that training security
professionals will become more valuable than building nuclear weapons.

 

Learn More: Understanding Advanced Persistent Threat (APT) Groups

 


9. MINING, TRANSPORTATION, CONSTRUCTION, AND ENERGY ARE PRIME TARGETS

 

Threat actors have much to consider when evaluating the targets they go after.
They need to weigh the level of effort versus the reward.

 

A bank may be a valuable target, but the amount of resources required to breach
their systems is out of reach for most. However, targeting a small business
that can’t afford a $1,000 ransom payment isn’t particularly lucrative either.

 

Instead, threat actors look for industries that are not as tightly regulated and
have significant monetary value.

 

When we look at the current economic landscape, and industries poised to benefit
greatly from the coming recession, we see 4 key targets for threat actors:

 

 1. Mining
 2. Transportation
 3. Construction
 4. Energy

 

MINING

 

Mining sectors are a very misunderstood market by most investors. Prices of
gold, silver, copper, nickel, uranium, lithium, and other industrial or precious
metals have and will continue to increase.

 

We see this upward movement because supply chains are extremely constrained.
This is due to increased YoY demand coupled with a lack of investments into the
exploration of new reserves. Mines are also notoriously expensive to operate and
can take years to ramp up into full production.

 

Prices of commodities are also at an all-time low. As the adage goes, “the cure
for low prices is low prices.”

 



 

Added to this is the fact that the dollar is on pace for its worst 4th-quarter
performance in 17 years. Further, 35% of all US dollars were created in the
last 10 months.

 

These are perfect conditions for prices of commodities to rise in 2021.

 

TRANSPORTATION

 

Transportation is an obvious sector that has been under threat of cyber attacks
in the past.

 

The pandemic has changed everything about how we operate, and delivery services
are not showing any signs of slowing down. Amazon, Walmart, Costco, Chewy, and
other large online retailers have seen stock prices soar since March as online
shopping has risen, with nearly $1 out of every $5 spent online.

 

Disruptions in these supply lines mean more than not getting your Amazon package
delivered on time. For some, it’s the only way people can access fresh foods or
life-saving medicines.

 

CONSTRUCTION

 

Construction projects in the US will increase under the new administration. The
aim is to fix our deteriorating infrastructure and to provide higher-paying
jobs with benefits that lower-level service sector jobs lack.

 

It’s estimated that $2 trillion will be invested by the federal government,
which will require construction companies to comply with CMMC.

 

ENERGY

 

Energy sectors will also rebound as the world economy opens up in 2021. Oil and
natural gas companies have already begun to consolidate in the market. Exxon and
Chevron recently discussed merging, which would be one of the largest
corporate mergers ever.

 

Eventually, demand will increase and those who manage to survive the downturn
will benefit greatly.

 

While green energy initiatives do threaten to take over the energy sector, it’s
not likely to happen anytime soon. In a best-case scenario, it will take years
for the US to remove its dependency on oil, natural gas, or nuclear power. In
fact, the green movement will further increase energy usage.

 


10. DRIVE-BY WIRELESS ATTACKS WILL IMPACT REMOTE WORKERS

 

Work-from-home culture is here to stay, making residential areas a valuable
target for threat actors. Microsoft reports that the volume of IoT attacks in
the first half of 2020 rose by 35% compared to the second half of 2019.



 

From a level of effort perspective, these types of attacks are relatively easy
for threat actors to pull off. Yes, they do need to be within physical proximity
(approximately 65 feet) of the target.

 

However, the equipment is less than $200 and the configuration of the device is
something that could be learned on YouTube in a matter of hours.

 

For example, a deauthentication attack on unsecured wireless networks can
ultimately provide threat actors with a hashed password of your network that can
be brute-forced offline. Once the password is cracked, the threat actor can use
their access to your network to gain command and control over your connected
devices.

 

We expect these attacks to continue to rise – especially in apartment complexes
where a large number of users can be targeted at once.

 

Read More: How To Perform A Successful Wireless Penetration Test

 


WRAPPING UP

 

We expect investments in cyber security to become a top priority for businesses
in 2021. Looking further ahead we see security becoming a normal cost of doing
business.

 

The Cybersecurity Maturity Model Certification (CMMC) will lay the groundwork
for an enforceable and standardized security framework in the United States.

 

While the doom and gloom of recent data breaches sounds disheartening – it
doesn’t have to be. There are a number of proactive steps you can take to
mitigate and prevent cyber attacks.

 

PurpleSec is here to help deliver a custom-tailored plan to meet your
organization’s needs. Contact us today and speak with a cyber security expert.

 



 




JASON FIRCH, MBA

Jason is a veteran IT operations manager, digital marketer, as well as the
co-founder and CEO of PurpleSec, with nearly a decade of experience in business
management and operations. When he's not studying for his CISSP or contributing
to the PurpleSec blog you'll find Jason helping nonprofits with their online
marketing.
