One million internet crime complaints were filed between March 12, 2020, and May 15, 2021. Before 2020, it took over two years to reach one million complaints. The disruptive nature of 2020 contributed to the rise in cybercrime. Hackers love disruption because people lose focus. In the middle of a crisis, people are not checking every email address before responding or clicking a link. Distracted employees increase the chances of a successful attack.
So what are some of the cybersecurity weaknesses for government that cybercriminals will exploit in 2021?
With more employees working from home, it’s hard to determine if individuals logging in are who they say they are. Weak network security can result in lost or stolen credentials that are used to access a network. Implementing multi-factor authentication (MFA) can minimize potential compromises from stolen credentials.
Many websites currently use MFA. When people log in with a username, the website automatically sends a passcode to the cell phone associated with the username. The end-user then enters the code instead of a password to access the site. This method assumes that a hacker will not have access to a user’s phone and will be unable to complete the log-in process.
The increase in remote workers added more endpoints to an organization’s endpoints. Cybercriminals look at devices such as smart TVs, environmental sensors, and routers as possible gateways into a network. These endpoints reside at the edge of a corporate network, making it easier for criminals to gain access if the endpoints are not monitored.
For example, most homes use a router to access the internet. That device comes with a default password that’s known to anyone on the Dark Web. Failing to change the password on routers or smart sensors leaves the device vulnerable to attack. Once compromised, the device becomes a gateway for cyberattacks to be launched.
Ransomware attacks increased 93% in the first half of 2021. These attacks pose more of a threat than many agencies realize.
- Backups are not enough. Having a system backup was the primary mitigation method for ransomware attacks. Unfortunately, backups are not enough unless the backup is located offsite and offline. Today’s ransomware begins with locking any backup files found on the network. These files are locked long before the primary attack is launched. Unless there is an offsite backup, the standard mitigation method is inaccessible.
- Triple Extortion is in play. As company’s refused to pay the ransom, hackers started stealing data to be published on the Dark Web if the ransom wasn’t paid. Now, these bad actors are targeting the customers and business partners of the compromised business, asking for money to keep the data off the web.
Even with mitigation tools, ransomware attacks can result in higher costs from system cleanup, assessment services, and lost business.
Every network has its weaknesses. Vulnerability assessments are one way to find and correct those weaknesses. These assessments should be performed from inside and outside the network. Conducting vulnerability assessments is essential to ensure companies comply with government and industry standards.
Weaknesses creep into a system through out-of-date software, misconfigurations, and supply chain vulnerabilities. Through a comprehensive assessment program, these vulnerabilities can be identified and prioritized for correction. Not all weaknesses pose the same threat level, so starting with the most critical is the best way to protect digital assets.
Cask specializes in cybersecurity services for government agencies. We offer vulnerability assessments to help identify weaknesses and consulting services to prioritize and manage remediation. We can help prepare your company for the most common cybersecurity threats of 2021. Contact us to strengthen your cybersecurity posture.