For many SMEs, 2020 meant one thing above all: going digital fast. The rapid switch to the home office has brought digitization into focus for many companies in a completely new or renewed way. The impact on the business world was massive and continues (as does the exceptional situation) to this day. After the initial hectic retooling phase, now comes the time to take stock in terms of cyber security: Has your company coped well with the sudden leap into digital transformation? Or is IT security now lagging behind the “precovidial” IT infrastructure? You should now know about these 5 current and dangerous cyber security trends, recognize them and, if necessary, combat them consistently.
1. Moving to the cloud in a hurry
The cloud now counts as a door opener for a rapid digitization process. More and more Swiss SMEs are storing their data in the cloud. The trend has increased further in the past year due to the Corona pandemic, as a survey by Trend Micro shows. However, a hasty move to the cloud often involves too little thought being given to cyber security – and this inevitably leads to undesirable side effects. Because contrary to what many SMEs may think, cloud adoption is not a one-time process. Rather, it requires ongoing management and a series of strategic adjustments to make the best security decisions for a business. While cloud infrastructure itself is considered very secure, you are still responsible for protecting your own data.
Our recommendation: As an SME, you should work with a trusted and experienced IT partner who is aware of these threats and can get you to the cloud competently and safely.
2. Home Office targeted by cybercriminals
Even with the best cyber security, one vulnerability always remains, and even more so in the home office: your employees. More and more employees are now connecting to corporate IT from home, opening the door for criminals to access the most sensitive data. They are more than ever the focus of cyberattacks in the home office: According to a study by Kaspersky, attacks on remote desktop protocol connections have increased by 242% worldwide compared to the previous year. This trend, which literally exploded last year due to the Corona pandemic, is sure to continue in 2021.
Remote desktop protocol connection attacks increase by 242% (Source: computerworld.de)
Our recommendation: Be sure to train your employees regularly on the topic of cyber security awareness. Awareness of this type of threat must be built up among all employees of the company and, above all, must be renewed again and again. For the transition, a clearly understandable set of rules for data protection in the home office is a good start.
3. Cyberkriminalität as a Service
The dangerous trend of Cybercrime as a Service (CaaS), or Access as a Service in Deep Web forums, is putting cybercriminal tools and services into the hands of more threat actors, including those targeting corporate networks as well as home networks.
This real-time map from Kaspersky impressively shows how interwoven cyber threats and attacks are worldwide.
Our recommendation: DDoS attacks (Distributed Denial of Service, a “distributed” DoS attack. In this case, criminals exploit the capacity limitations that exist for every network resource, such as the IT infrastructure) will continue to increase in 2021 and in the following years. Prepare for this early and prepare your SME’s IT security now. This is the only way to ensure that critical components of your security infrastructure do not fail.
4. 5G becomes a cybersecurity hotspot
Already today, Internet of Things (IoT) devices are popular targets for attackers and have been one of the biggest security vulnerabilities for enterprises for some time. This is also because users are less likely to secure mobile devices than their desktop PCs or to trust apps and programs on their mobile devices. With increasing connectivity, for example via the next-generation mobile network 5G, this trend will only increase.
Our recommendation:Extend your cyber security awareness training to mobile devices and establish rules for the use of private mobile devices for business purposes or implement a mobile device & application management solution.
5. The new breed of social engineering attacks: Deepfakes
Cyber criminals are not only criminals, but also particularly creative. They are always coming up with new methods and tricks, making it difficult for many companies to keep up to date in addition to their daily business. So-called deepfakes are a recent and almost unknown phenomenon. These are fake video and audio recordings, e.g., of employees or superiors, which are created with the help of artificial intelligence (AI) and in which the surrender of passwords is demanded, or other demands are made in familiar voices. In the future, we can expect a further increase in such social engineering attacks, as they become more readily available to cybercriminals, less elaborate and less expensive – and, to the victims’ chagrin, above all increasingly better: audio deepfakes are almost impossible to expose as fakes.
Our recommendation: Make your employees aware of lurking dangers and ensure that they are continuously up to date.
How to get ahead of cybercriminals in 2021
When it comes to IT security, the requirements of SMEs are not much different from those of large organizations. They, too, need protection that covers all systems, networks and communication channels, offers holistic protection and responds quickly and efficiently 24×7 in the event of security incidents. However, covering all these requirements with internal staff is only possible in the rarest of cases. Working with managed security service providers is therefore the best way to achieve the greatest possible IT security – without costs and effort getting out of hand.
Let us find out together, without obligation, where exactly you stand through a Cyber Security Risk Assessment. As cyber security specialists with ISO 27001 and CISSP certifications, we can offer you various security services with which you can achieve the optimum security for your SME.