It’s a new year, which means new threats to your network security systems. 2020 saw a major shift to remote work, forcing IT teams to rethink cybersecurity and implement additional technologies like cloud services and digital collaborative tools. These changes will have a lasting impact, and the security trends this year reflect the risks that come with working from home.
Employee Social Engineering Training
Forrester, a market research company, predicts that one-third of security breaches will be caused by insider threats in 2021. This means it is important for your employees to be trained to identify social engineering attacks. They should be reminded and informed about company policies and procedures that prevent social engineering attacks, as well as observe what social engineering attacks look like. They should also be aware of common scenarios, like:
- A social engineer goes through the garbage and discovers cardholder data, personal information, and other sensitive data because the information was not properly shredded.
- A social engineer acts as IT support, flashes a fake ID, and tells the front desk they’ve been contacted to fix a problem.
- A social engineer calls the help desk, posing as someone of authority and saying they need to change an employee’s username and password.
- A social engineer approaches IT support and mentions their supposed supervisor’s name as an effort to circumvent standard procedures to gain access to something they don’t have permission to access.
- A social engineer dresses in company uniform and acts as an employee by carrying a fake ID tag, stealing valuable data, taking laptops, and installing malware while walking around.
- A social engineer shows up with hands full of boxes/coffee/etc. and asks an employee to hold open a door into restricted areas.
- A social engineer pretends to be a new employee, then asks to be given a tour around the office where they can gain access to information and systems.
Social engineering attacks are sophisticated and constantly changing, so hiring a dedicated team to train your employees can be your best method of protection. A social engineering assessment will determine your company’s vulnerabilities and allow for the creation of a customized training plan.
Sophisticated Email Attacks
Email inboxes are typically the weak spot in security front lines, making them the perfect vector for ransomware attacks, business email compromise scams, and malware infection. Researchers warn that 2021 will likely see a “major increase” in spear-phishing attacks due to automation.
Some social engineering automation attacks your employees should be aware of include:
- Phishing/Spear Phishing
- Bating & Quid Pro Quo
- Pretexting
- Tailgating
- Scareware
For a more detailed look at each of these tactics, check out our previous blog post Are Your Employees Trained to Combat Social Engineering Attacks?
Increased Cybersecurity Budgets
The shift to remote work for many companies has necessitated further use of the cloud. A study found that 35 percent of companies plan to accelerate workload migration to the cloud in 2021, meaning more unmanaged risks in the digital industry. To combat these threats, companies are increasing their security budgets because they understand the need to protect cloud buildouts in the year ahead.
This budget will also drive an increase for Cloud Security Posture Management (CSPM), which automates cloud security management across the diverse cloud infrastructure. ATSG is ahead of the curve with its enterprise-grade Cloud Service, rediCloud, which provides secure, efficient, and reliable cloud services at the highest quality.
More Mobile Threats
Mobile threats accelerated in the backdrop of the COVID-19 pandemic, and they are expected to continue in 2021. Threats include specialized spyware and targeted attacks on Android critical security vulnerabilities. Employees will need to be trained to identify these new threats, and your company should create a mobile-focused security program in order to stay on the defense.
Not only should you invest in security to protect your company’s information and property, but you could be saving your business money in the future. In 2020, the worldwide average cost of data breaches was $3.86 million. To prevent this type of monetary damage to your company, it is vital you stay abreast of the changing threats and invest in reliable technology solutions.
ATSG—Transforming the customer experience through tech-enabled managed services
Today’s choices for mobility, cloud, infrastructure, communications, applications, and operations are mission-critical for small, mid-sized, and large enterprises.
ATSG, Inc., is leading the transformation into technology solutions as a service with our tech-enabled managed services portfolio and a commitment to technology innovation, operational excellence, and client intimacy.
Recognized by industry leaders and industry-leading publications, ATSG has over 25 years of operating history delivering exceptional client experiences that directly result in competitive advantage, cost-savings, growth, and improved operational efficiencies.
Visit ATSG.net, email [email protected], call (914) 517-2919, or visit one of our five tri-state locations today for more information.