2021 Predictions: Ransomware and insider threats will be primary security risks

Without a doubt, 2020 was a difficult year for many organisations, including managed service providers and small businesses – especially as it relates to cyber security. In a recent survey, MSPs reported that certain industries saw a rise in attacks during the pandemic – healthcare (59%), finance/insurance (50%), and government (45%). Although ransomware remains the most common malware threat, viruses, adware, spyware, and remote access trojans completed the top five security risks.

Looking to 2021, it’s clear that ransomware will remain a threat, especially for healthcare facilities. Think of ransomware ‘as a business’ that responds to changing market conditions: cyber criminals will, of course, shift their focus to more stable sources of revenue during an economic downturn. The reality is that ransomware is a numbers game, and the healthcare industry provides a lucrative target.

While ransomware remains a significant threat, personal devices and cloud computing present major security gaps in an organisation’s overall security. To insert malware into an organisation’s network, attackers are using new entry points such as unprotected personal tablets and laptops. In addition, insider threats (employees who compromise company systems and data – whether intentionally or unintentionally) are becoming more frequent. In fact, Forrester predicts that employees will be responsible for 33% of breaches in 2021.

With this in mind, below are two 2021 security predictions for consideration.

Vigilance is required for healthcare organisations: It's unsurprising that the healthcare industry became a primary target for cyber attacks, likely as a result of the pandemic. With desirable intellectual property and the opportunity for sizeable payouts, exploiting this industry will remain a top priority for malicious attackers. Given that healthcare organisations can’t risk downtime due to the critical nature of their services, ransomware will be the principal attack method. Hospitals and other healthcare facilities need to evaluate their IT and security budgets to ensure that they’re able to implement advanced security and data management tools. This will allow them to effectively back up and secure networks, while enabling business continuity efforts.

Insider threats will increase as remote working continues: An insider threat is defined as current employees, contractors and visitors who have access to and knowledge of an organisation's digital and physical systems, as it pertains to security and information. There are two types of insider threats: malicious insiders who deliberately exploit the company’s systems for monetary compensation, and colluding insiders who are potentially forced to, or paid to, share information or execute illegal acts. It’s my belief that in 2021, we will see an increase in insider threats, specifically the colluding insider. To illustrate, an employee making a £34,000 salary could find it financially attractive to execute an attack by either installing software or providing access to information for a payout of just under £200,000. This scenario depicts a fairly low risk for a large financial gain. With all signals pointing to an uptick in insider threats, MSPs and SMEs need to heighten their awareness of this type of cyber incident.
