Educate, patch, survive, repeat — the 2021 Sophos Threat Report
The year 2020 has been an extraordinary one for cybersecurity experts, not least because of the significant effects on the attack surface that the COVID-19 pandemic has had. That event notwithstanding, the security postures of organisations of all types have had to continually evolve throughout the year to stay ahead of new events and trends in attack methods.
In fact, reports of a new attack or breach every week in the media demonstrate just how susceptible every internet user is while going about their daily business. And, with the unusual circumstances of 2020, the ferocity and number of attacks have increased.
The Sophos 2021 Threat Report flags how fast-changing attacker behaviours and ransomware, from advanced to entry-level, will shape the threat landscape and IT security in 2021. The report provides a three-dimensional perspective on security threats and trends, from their inception to real-world impact.
The report points out some of the more alarming tendencies of bad actors that have had dramatic impacts on victims. Covering key trends, it reads as a canonical source of how malware threats have evolved, methods have changed and, by proxy, how cybersecurity specialists need to revisit their strategies.
The rise of ransomware
Right up there among the biggest threats to any organisation is ransomware. But as many attacks have shown this year, demands for money to decrypt frozen hard drives no longer seem sufficient for many cybercriminals. In some cases, ransomware criminals threaten to leak exfiltrated data from affected hardware in an attempt to extort further monies from victim organisations. This renders companies with even the most rigorous backup procedures open to a ransomware attack as they strive to stop sensitive information ending up on the internet.
In part, this trend is increasing as ransomware gangs collaborate to share tips and tricks with their cybercriminal counterparts. The Sophos report likens this collaboration to a traditional crime cartel in that disparate groups seem to be sharing the best methods to further all bad actors’ chances of success. After successful attacks, the fees demanded are also rising, making ransomware one of the most lucrative ways of extorting money on the internet today.
Collaboration to beat everyday threats
Collaboration among malware gangs is a relatively new development (instances of crime-as-a-service are on the up), but white hat companies are also working together more readily than ever before. A positive from the report is that many companies like Sophos pool information with their peers from other organisations. That has been especially valuable in light of the increased threats from bogus sites of Coronavirus information and the expanded attack surface of remote workforces.
The Sophos 2021 Threat Report also shows that many attacks are via common vectors, such as internet-facing RDP and VPN servers. While these systems are easily patched and protected, it doesn’t mean that IT teams are always on top of the most up-to-date requirements, effectively leaving the backdoor unlocked for the bad guys to get in.
In many cases, human action is still required to ensure loopholes are securely closed. The responsibility for that falls not just to cybersecurity professionals, but to every person within an organisation as they must be aware of the role they play in ensuring their own cyber vigilance. Once ransomware is established via whatever route, it is often too late for organisations to react proactively, the report notes, and the human element on any network remains the most common cause of data loss or breach. Teaching both end-users and cybersecurity teams best practices in online behaviour remains the best single way to address threats.
As threats and attack methods evolve, keeping up to date and protected is a daily challenge. Many organisations also deploy the element of continuous human involvement in the form of an around-the-clock team of experts, provided as-a-service. After all, getting notifications about security issues is one thing, but having someone act on these instantly, removes the logistical and resource problems that can follow.
After the doors have been firmly locked to keep out bad actors, security-as-a-service personnel could be regarded as virtualised security guards, ever-vigilant against new threats as they appear.
A multi-layered approach to protection
No single method of software — or hardware-based protection — is considered sufficient by any cybersec professional. What’s required is a multi-layered cybersecurity approach, where perimeter, endpoints, and network routes are all overseen by specialist tools or a single platform that comprises those multiple, focused, specialist parts. That type of multi-layered solution combined with human-led teaching about online hygiene is the best combination to thwart most attacks.
The Sophos 2021 Threat Report reveals that the main incentive for attackers by far is monetary gain, and, thanks to automation, bad actors are playing an effective numbers game. Easy targets will always be singled out as hackers do not want to work particularly hard for their income. With the right tools and training, organisations can remove themselves from the category of easy victim.
A lack of moral code amongst cybercriminals has been made even more apparent in 2020, with hospitals and caregivers during the year targeted just the same as any big company. Among many incidents, students in Singapore had their online lessons suspended after some inappropriate hacking instances occurred during the country’s lockdown. The unfortunate truth remains: nothing is sacred, and nothing is safe.
Acting now to better protect the network should be every cybersecurity professional’s new year’s resolution. You can learn more about what 2021 has in store in the Sophos 2021 Threat Report here, and the company’s training and education resources can be accessed by this link.