Experts cover topics such as phishing, IoT, security culture, mobile banking and more
KnowBe4, the provider of the world’s largest security awareness training and simulated phishing platform, today announced that its team of global cybersecurity experts has released its predictions for cyber trends to expect in 2021.
The organization’s cybersecurity experts from around the world collectively predict many new trends regarding phishing attacks, ransomware, password security threats, security culture and more.
An overarching theme of their predictions is new trends emerging in response to societal conditions. With so much turbulence surrounding COVID-19, for example, users can expect hackers to continue to take advantage of the vulnerabilities and stresses those conditions create. The experts also draw attention to technological advancements that will inevitably open more doors for malicious activity. This will come in response to the increasing use of cloud services, QR code recognition, mobile banking, etc.
Some of KnowBe4’s international prediction highlights include:
- Remote working security -- “We've already seen how coronavirus has forced organizations to move their workforce remotely,” said Javvad Malik, security awareness advocate, KnowBe4 (UK). “Next year, we'll see a larger investment in remote workers’ security. This will probably be a bigger task than most anticipate, with a bottom-up review of which security controls are working, and which are not. We'll likely see better communication channels settled on, better training and security tools that are less obtrusive to productivity.” “Cleverly designed supply chain attacks will target employees working at home,” said Kevin Mitnick, chief hacking officer, KnowBe4. “For example, the ‘cable company’ sending the target a ‘new, faster router’ that has been covertly backdoored.”
- Mobile banking attacks -- “In Africa specifically,” said Anna Collard, SVP content strategy and evangelist, KnowBe4 (Africa), “we need to find solutions to protect mobile banking and users performing financial transactions on their mobile devices. There has been an increase in mobile banking trojans and malicious apps in general, which is concerning when coupled with the lack of awareness amongst African mobile users.”
- Culture -- “There is a continuing and growing conversation about cybersecurity culture,” said Jacqueline Jayne, security awareness advocate, KnowBe4 (APAC). “Last year's prediction on this focus area was premature. We haven’t seen the uptake for company-wide KPIs related to cybersecurity expectations for training, behavior and reporting. However, after the release of The Australian Cybersecurity Strategy 2020, I am more confident that the conversation is becoming louder and the need for security awareness training is front of mind.”
- “Ransomware will continue to get worse, leveraging data exfiltration and stolen employee passwords to force victim organizations to pay,” said Roger Grimes, data-driven defense evangelist, KnowBe4 (U.S.). “A good backup and tested restore will no longer be enough to prevent the ransom from being paid.”
- MFA exploitation -- “As the world turns to MFA more and more, people will learn that it doesn’t really stop hackers,” said Grimes. “It never has. Once a hacker learns that you’re using a certain type of MFA, then they will use your reliance on it to bypass the protection you thought was guaranteed.”
- ICS -- “Attacks will increase against Industrial Control Systems in an attempt to cripple or damage power plants or manufacturing organizations,” said James McQuiggan, security awareness advocate, KnowBe4 (U.S.). “Cybercriminals will continue to develop and attempt to use more exploits against ICS systems and work towards crippling a nation's electricity grid, water treatment operations or a major manufacturing facility.”
- Ransomware -- “Cybercriminals will increase the cost of paying the ransom, and it will be standard for a double payment to delete it,” said McQuiggan. “Cybercriminals will create an e-store of stolen databases for the public at large if the ransom is not paid,” said Mitnick.
- Mobile attacks -- “Consumers will see an increase in WhatsApp and SMS fraud,” said Jelle Wieringa, technical evangelist, KnowBe4 (Netherlands). “Not only will the number of scams increase, but cybercriminals will become bolder by asking for higher amounts of money and using more forceful and devious techniques to manipulate people into paying.”
- Security culture -- “Again in 2021, we will continue to see the general uptake of security culture, both the term and the concept, across the industry,” said Kai Roer, security culture advocate, KnowBe4 (Norway). “This increased understanding will result in a broader understanding of the concept of securing the human elements of organizations and will lead to more comprehensive and complete security programs.”
- “QR code phishing will become a normalized and very serious attack vector,” said Perry Carpenter, chief evangelist and strategy officer, KnowBe4 (U.S.). “This is something that has been more of a theoretical threat ever since the creation of QR codes. But during 2020, we saw the rise of QR codes showing up more and more often. As the ubiquity of QR codes continues to increase and our smartphone cameras automatically detect and browse to the websites embedded in the QR code, we can see that this will become an attractive and lucrative threat vector.”
- Phishing -- “We will see another surge in phishing attacks as the world begins to move back into offices and workplaces,” said Erich Kron, security awareness advocate, KnowBe4 (U.S.). “Similar to the initial move to working from home, people will be hungry for information related to the process of returning to the office and will have questions. The attackers will exploit this desire for information once again.” Stu Sjouwerman, KnowBe4’s CEO, predicted: “There will be COVID-19 vaccine massively-scaled spear phishing attacks with all-time high click rates in 2021.”
- IoT -- “There will be several major incidents related to IoT devices in 2021,” said Kron. “This will not be the typical issue where IoT devices are used in DDoS attacks, but significant breaches caused by the exploitation of IoT devices.”
For more information on KnowBe4, visit www.knowbe4.com.
KnowBe4, the provider of the world’s largest security awareness training and simulated phishing platform, is used by more than 35,000 organizations around the globe. Founded by IT and data security specialist Stu Sjouwerman, KnowBe4 helps organizations address the human element of security by raising awareness about ransomware, CEO fraud and other social engineering tactics through a new-school approach to awareness training on security. Kevin Mitnick, an internationally recognized cybersecurity specialist and KnowBe4's Chief Hacking Officer, helped design the KnowBe4 training based on his well-documented social engineering tactics. Tens of thousands of organizations rely on KnowBe4 to mobilize their end users as the last line of defense.