Cyber Threat Landscape in 2021
The year 2020 will largely be remembered as the year of the pandemic, and rightly so. COVID-19 disrupted lives and caused severe economic hardship, even going into 2021.
However, 2020 was also the year that cyberattacks grew 400% compared to the previous year, according to Cyber Threat Intelligence League, a collective of over 1400 cybersecurity professionals and government experts from 40 countries.
As countries around the world went into lockdown and businesses sent employees home to work remotely on a scale never seen before, attackers saw an opportunity. Criminals and nation-state actors, including groups attributed to China and Russia, targeted users who were suddenly reaching corporate data and systems over remote connections.
Even some of the best-protected networks in the world were breached. The compromise of SolarWinds, in which attackers planted a backdoor in a legitimately signed update to its Orion platform, reverberated down the supply chain to its customers, among them Microsoft, over 10,000 private companies, and government agencies including the United States Department of Justice and the Department of Defense.
In light of this breach, the Department of Homeland Security initiated an emergency review of the U.S. cyber landscape and is expected to make significant recommendations within the next few months, including minimum levels of cyber protection that all organizations will have to implement.
The Small Business Cybersecurity Dilemma
For small businesses, the situation is even more dire. According to a study conducted jointly by Cisco and the National Center for the Middle Market, over 50% of small businesses have no cybersecurity strategy or plan in place, and of those that do, most have not reviewed the plan in over a year.
A cybersecurity strategy and plan, once created and adopted, must be reviewed at least annually so that current threats are accounted for. Cybersecurity is not a one-and-done solution; the threat landscape evolves rapidly, and regular reviews keep the plan effective at reducing an organization's cyber risk.
The two biggest threats to small businesses remain ransomware and Business Email Compromise (BEC), of which CEO fraud is the best-known variant.
The Growing Threat of Ransomware
Ransomware is malware that, once inside a network, encrypts every file it can reach with a key that only the attackers hold, so the data cannot be recovered without that key. The operators offer the decryption key in exchange for a payment, usually in Bitcoin or another cryptocurrency, which makes tracing and prosecuting them difficult.
The malware is most often delivered by email, as a link or attachment, sent in bulk to thousands or even millions of addresses that can be bought for less than $100. The attackers expect that some recipients will open the message and follow the link, which drops the malware onto the user's PC and starts the encryption. It is a cheap operation to run, and the payoff dwarfs the cost.
Surprisingly, the origin of ransomware goes all the way back to 1989, when the so-called AIDS Trojan made the first attempt to hold encrypted files hostage for money. Those early efforts were extremely limited, and it wasn't until CryptoLocker appeared in 2013 that ransomware became lucrative.
Suddenly, cybercriminals operating in the shadows had found a way to make money without much effort, causing havoc in the process. Those early attacks now seem tame compared to the damage ransomware can cause today, and by 2020 encrypting files had become almost a secondary concern.
Are Hackers Hiding On Your Network Right Now?
Starting around 2018, attackers discovered that it was relatively easy to penetrate an organization's network and remain undetected. Rather than immediately deploying the ransomware and encrypting files, they watched silently as the firm went about its day-to-day business.
With unfettered access to the network and everything stored on it, the attackers learned the details of the organization and the people who worked there, which let them do additional damage, including accessing bank accounts, confidential documents, and email. They copied this data from the network to their own servers, a process known as exfiltration, until they had everything they wanted. In some documented incidents the attackers had been roaming the network for 12 to 18 months before launching the Big Hack.
The Big Hack is the moment when the threat actors have exfiltrated all the data they need and are ready to hold the organization hostage. They trigger the encryption payload that has been sitting dormant on the network for weeks or months. Once the files are encrypted and the organization is locked out of its data, the attackers demand a ransom. According to research by Palo Alto Networks, the average ransomware payment in 2020 was $312,493.
To add insult to injury, once the ransom is paid and the decryption key handed over, the attackers then demand more money to prevent the release of the data they have already stolen, a tactic known as double extortion, which puts the compromised firm in a tough spot. Regulatory fines for a data breach can be so high that companies are forced to choose between paying yet another ransom and facing the fines along with significant damage to their reputation.
For hackers, getting access to the data is the new gold rush.
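The exfiltration step described above, a host quietly copying data to an outside server for weeks, is one of the few things in this scenario that leaves a clear trace: a jump in outbound volume that the host has never produced before. The following is an added example, not code from this article or from ATG. It reads constructed flow records (date, source, destination, port, bytes), ignores traffic to the assumed internal address ranges, and flags any host whose outbound bytes on a given day are both above an absolute floor and far above that host's own median on its other days. The log lines, the internal ranges, and the thresholds (10× the median, 100 MB floor) are all assumptions for illustration.

```python
import ipaddress
from collections import defaultdict
from statistics import median

# Constructed flow records for illustration (not real traffic):
# date,src_ip,dst_ip,dst_port,bytes_out
FLOW_LOG = """\
2021-03-01,10.0.0.12,10.0.0.5,445,120000000
2021-03-01,10.0.0.12,203.0.113.10,443,40000
2021-03-01,10.0.0.33,203.0.113.10,443,100000
2021-03-02,10.0.0.12,203.0.113.10,443,55000
2021-03-02,10.0.0.33,203.0.113.10,443,110000
2021-03-03,10.0.0.12,203.0.113.10,443,48000
2021-03-03,10.0.0.33,203.0.113.10,443,90000
2021-03-04,10.0.0.12,203.0.113.10,443,61000
2021-03-04,10.0.0.33,203.0.113.10,443,105000
2021-03-05,10.0.0.12,203.0.113.10,443,30000
2021-03-05,10.0.0.12,198.51.100.7,443,2500000000
2021-03-05,10.0.0.33,203.0.113.10,443,98000
"""

# Assumed internal address space; traffic staying inside it is not exfiltration
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16")]


def is_external(ip):
    """True when the destination lies outside the assumed internal ranges."""
    addr = ipaddress.ip_address(ip)
    return not any(addr in net for net in INTERNAL_NETS)


def parse_flows(text):
    """Parse CSV flow lines into (date, src, dst, port, bytes) tuples."""
    rows = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        date, src, dst, port, nbytes = line.split(",")
        rows.append((date, src, dst, int(port), int(nbytes)))
    return rows


def daily_external_totals(rows):
    """Sum outbound bytes per (src, day) and per (src, day, dst) for external destinations."""
    totals = defaultdict(lambda: defaultdict(int))
    per_dst = defaultdict(lambda: defaultdict(int))
    for date, src, dst, _port, nbytes in rows:
        if not is_external(dst):
            continue
        totals[src][date] += nbytes
        per_dst[(src, date)][dst] += nbytes
    return totals, per_dst


def find_exfil_candidates(text, ratio=10.0, min_bytes=100_000_000):
    """Flag (src, day) pairs whose external volume is both large in absolute terms
    and more than `ratio` times the host's median volume on its other days.
    A host with no other days to compare against is judged on the floor alone."""
    totals, per_dst = daily_external_totals(parse_flows(text))
    findings = []
    for src, by_day in totals.items():
        for date, total in sorted(by_day.items()):
            others = [b for d, b in by_day.items() if d != date]
            baseline = median(others) if others else 0
            if total >= min_bytes and (not others or total > ratio * baseline):
                top_dst, top_bytes = max(per_dst[(src, date)].items(),
                                         key=lambda kv: kv[1])
                findings.append({
                    "date": date, "src": src, "bytes": total,
                    "baseline": baseline, "top_dst": top_dst,
                    "top_dst_bytes": top_bytes,
                })
    return findings


if __name__ == "__main__":
    for f in find_exfil_candidates(FLOW_LOG):
        print(f"{f['date']} {f['src']} sent {f['bytes']:,} bytes externally "
              f"(median on other days {f['baseline']:,.0f}); "
              f"{f['top_dst_bytes']:,} of it went to {f['top_dst']}")
```

In the constructed log, 10.0.0.12 also pushes 120 MB to an internal file server on the first day; the internal-range filter is what keeps that from being reported, so the ranges in INTERNAL_NETS must match the real network. A per-host median is deliberately used rather than a fleet-wide average, because a backup server or a video-heavy workstation would otherwise drown out a quiet host that suddenly sends gigabytes.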
Social Engineering Remains The Primary Source of Breaches
Wikipedia defines social engineering as the manipulation of people into performing actions or divulging confidential information. Using email tactics similar to those used to spread ransomware, social engineering is the primary way attackers get unsuspecting users to do things they normally wouldn't. Phishing and Business Email Compromise (BEC) are the two main forms it takes.
Phishing is a fraudulent attempt to obtain sensitive information such as login credentials or credit card numbers by impersonating a trusted party, such as a well-known company or a colleague. BEC takes it a step further: it targets specific, known users and prompts them to take an action, such as wiring money to a bank account or buying gift cards and sending the codes to the attacker. In both cases, the criminals exploit a person's trust and inattention to get them to do something they would not otherwise do.
Spear phishing is the targeted version of these methods. The attackers take the time to gather detailed information about specific victims and craft requests containing details that only an insider would know, which causes the target to lower their guard and produces far better results for the attacker than bulk phishing.
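Both BEC and spear phishing lean on impersonation, and two of the commonest tricks are a familiar display name in front of an unrelated mailbox, and a sender domain that differs from the real one by a single confusable character or a different top-level domain. The following is an added example, not code from this article or from ATG, of the header check a mail filter would run for those two tricks. The organization's domain (example.com), the list of protected senders, the digit-for-letter table, and the sample From: headers are all constructed assumptions.

```python
from email.utils import parseaddr
import unicodedata

ORG_DOMAIN = "example.com"  # assumption: the organization's real mail domain

# Assumption: people an attacker would impersonate, mapped to their real addresses
PROTECTED_SENDERS = {
    "jane doe": "jane.doe@example.com",
    "bob roe": "bob.roe@example.com",
}

# Digits commonly swapped for the letters they resemble in lookalike domains
_CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "7": "t", "8": "b"})


def _normalize(domain):
    """Lowercase, drop non-ASCII (e.g. Cyrillic homoglyphs) and fold digit-for-letter swaps."""
    ascii_only = unicodedata.normalize("NFKD", domain).encode("ascii", "ignore").decode()
    return ascii_only.lower().translate(_CONFUSABLES)


def _edit_distance(a, b):
    """Levenshtein distance; catches one-character typo domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def is_lookalike(domain, legit=ORG_DOMAIN):
    """True when `domain` imitates `legit` without being it or one of its subdomains."""
    raw, legit = domain.lower(), legit.lower()
    if raw == legit or raw.endswith("." + legit):
        return False
    folded = _normalize(raw)
    if folded == legit:
        return True  # differs only by confusable characters (examp1e.com)
    same_label = folded.rsplit(".", 1)[0] == legit.rsplit(".", 1)[0]
    return same_label or _edit_distance(folded, legit) <= 1


def analyze_from_header(from_header):
    """Return a list of findings for one raw From: header value (empty if clean)."""
    findings = []
    display, addr = parseaddr(from_header)
    addr = addr.lower()
    domain = addr.rsplit("@", 1)[-1] if "@" in addr else ""
    name = " ".join(display.lower().split())
    expected = PROTECTED_SENDERS.get(name)
    if expected and addr != expected:
        findings.append(f"display-name impersonation: '{display}' sent from {addr}")
    if domain and is_lookalike(domain):
        findings.append(f"lookalike sender domain: {domain}")
    return findings


# Constructed sample From: headers (not taken from real messages)
SAMPLE_FROM_HEADERS = [
    '"Jane Doe" <jane.doe@example.com>',          # legitimate
    '"Jane Doe" <jane.doe@gmail.com>',            # display-name impersonation
    '"Jane Doe" <jane.doe@examp1e.com>',          # impersonation plus lookalike domain
    '"Accounts Payable" <ap@example.co>',         # lookalike: same label, wrong TLD
    '"IT Helpdesk" <helpdesk@mail.example.com>',  # legitimate subdomain
]


def scan(headers):
    """Map each header to its findings so a filter can quarantine or tag the message."""
    return {h: analyze_from_header(h) for h in headers}


if __name__ == "__main__":
    for hdr, findings in scan(SAMPLE_FROM_HEADERS).items():
        print(hdr, "->", findings or ["ok"])
```

The check is deliberately narrow: it does not catch a lookalike built from a second registered domain such as example-invoices.net, and on very short organization domains an edit distance of one will produce false positives, so the threshold should be tuned per deployment. It also says nothing about whether the message actually came from where it claims; SPF, DKIM and DMARC results belong alongside it, not instead of it.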
Adopting a Cybersecurity Framework
Organizations that want to protect their networks and the valuable data they contain need to develop a cybersecurity strategy and a data protection plan. The starting point is adopting a cybersecurity framework (CSF) that lays out the requirements and provides a step-by-step process to implement them. A framework is especially important for regulated industries (such as financial services, healthcare, or local government), but organizations of all types should evaluate and adopt a CSF as a best practice in today's world.
There are many CSFs published and available, and Alvarez Technology Group (ATG) recommends and has implemented internally and for their clients the National Institute of Standards and Technology (NIST) CSF.
According to NIST: "The need for cybersecurity standards and best practices that address interoperability, usability, and privacy continues to be critical for the nation. NIST's cybersecurity programs seek to enable greater development and application of practical, innovative security technologies and methodologies that enhance the country's ability to address current and future computer and information security challenges."
What’s Included In The NIST CSF?
The NIST CSF is organized around five core Functions and is meant to be applied continuously, recognizing that the threat landscape evolves, that networks and people change, and that the framework must be nimble enough to adapt over time:
- Identify: An organization needs to understand not only what it is protecting (assets) but also what it is protecting against (threats), and its resulting risk profile.
- Protect: An organization must implement robust safeguards for its assets, including educating users.
- Detect: An organization can't simply build a wall around its systems and hope to keep threats out. It must assume that threats will get past those walls and therefore needs a way to detect breaches when they occur.
- Respond: An organization must have a documented plan of action for when a breach occurs, an Incident Response Plan that outlines the steps and resources needed.
- Recover: Finally, an organization must be able to recover from a breach in a timely fashion in order to keep operating, which means having good backups of all critical data, kept out of reach of an attacker on the network and tested regularly by restoring from them.
ATG CyberProtect™ Premium
ATG's traditional managed services agreement, the iTeam™ Service Agreement, has always included some elements of protection, called CyberProtect™ Basic. That was sufficient for most clients, although some, such as banks, healthcare providers, and government agencies, required additional protection to comply with industry regulations. Unfortunately, that range of basic protection products and services is no longer enough.
CyberProtect™ Premium was created to provide the enhanced protection now required, built around a set of services that incorporates the best of CyberProtect™ Basic while remaining flexible enough to add or remove components as necessary. Better yet, these services align closely with the NIST CSF, as the table below shows.
| NIST CSF Function | CyberProtect™ Premium Services |
|---|---|
| Identify | Real-time asset tracking; internal and external vulnerability scans; threat monitoring; annual cybersecurity risk assessment |
| Protect | Endpoint malware protection; blocking of known or suspected bad Internet sites; content filtering; email filtering for spam and malware; managed user cybersecurity training; managed firewall |
| Detect | Managed detection and response; network and endpoint scanning; alerting on suspicious network activity; Security Operations Center (SOC) |
| Respond | Automated incident response; access to SOC cyber technicians |
| Recover | Managed business continuity and backup of on-premises servers and Microsoft 365 |
The cyber threat landscape has continued to evolve, and attacks are growing in number and sophistication. On the Internet, all organizations look alike, and big or small, they are equally likely to be targeted.
It is no longer a game of chance played by hackers looking to cash in on a few bucks here and there. Cybercrime is big business: criminal groups operate with impunity from countries whose governments tolerate, and more than likely support, their activities, and the industry generated at least $20 billion in revenue in 2020.
Nation-state actors, China and Russia among them, are keen to exploit the weak cybersecurity of U.S. businesses to disrupt the economy and obtain confidential information that benefits them and damages us. The U.S. government recognizes that it must do more to raise the level of cybersecurity awareness, so organizations can expect tighter regulation in the very near future.
Analyzing, selecting, implementing, and managing a cybersecurity strategy and plan is not an easy task, and most small businesses cannot do it without help. That is why 67% of small businesses choose to outsource it and work with external partners to manage their cybersecurity. ATG designed CyberProtect™ Premium to give small businesses some of the same cyber protections larger enterprises enjoy, at a price that is affordable and cost-effective.
Get in touch with the ATG team to discover how CyberProtect™ Premium can manage your cybersecurity.