2021 Predictions: Ransomware and insider threats will be primary security risks

Without a doubt, 2020 was a difficult year for many organisations, including managed service providers and small businesses – especially as it relates to cyber security. In a recent survey, MSPs reported that certain industries saw a rise in attacks during the pandemic – healthcare (59%), finance/insurance (50%), and government (45%). Although ransomware remains the most common malware threat, viruses, adware, spyware, and remote access trojans completed the top five security risks.

Looking to 2021, it’s clear that ransomware will remain a threat, especially for healthcare facilities. Think of ransomware 'as a business’ that responds to changing market conditions, and cyber criminals will, of course, shift their focus to more stable sources of revenue during an economic downturn. The reality is that ransomware is a numbers game, and the healthcare industry provides a lucrative target.

While ransomware remains a significant threat, personal devices and cloud computing present major security gaps in an organisation’s overall security. To insert malware into an organisation’s network, attackers are using new entry points such as unprotected personal tablets and laptops. In addition, insider threats (employees who compromise company systems and data – whether intentionally or unintentionally) are becoming more frequent. In fact, Forrester predicts that employees will be responsible for 33% of breaches in 2021.

With this in mind, below are two 2021 security predictions for consideration.

Vigilance is required for healthcare organisations: Likely resulting from the pandemic, it's unsurprising that the healthcare industry became a primary target for cyber attacks. With desired intellectual property and the opportunity for sizeable payouts, the incentive to exploit this industry will remain a top priority for malicious attacks. Given that healthcare organisations can’t risk downtime due to the critical nature of their services, ransomware will be the principal attack method. Hospitals and other healthcare facilities need to evaluate their IT and security budgets to ensure that they’re able to implement advanced security and data management tools. This will allow them to effectively back up and secure networks, while enabling business continuity efforts.

Insider threats will increase as remote working continues: An insider threat is defined as current employees, contractors and visitors who have access and knowledge of an organisation's digital and physical systems, as it pertains to security and information. There are two types of insider threats, malicious insiders who deliberately exploit the company’s systems for monetary compensation, and colluding insiders who are potentially forced to, or paid to, share information or execute illegal acts. It’s my belief that in 2021, we will see an increase in insider threats, specifically the colluding insider. To illustrate, an employee making a £34,000 salary could find it financially attractive to execute an attack by either installing software or providing access to information for a payout of just under £200,000. This scenario depicts a fairly low risk for a large financial gain. With all signals pointing to an uptick in insider threats, MSPs and SMEs need to heighten their awareness of this type of cyber incident.

    Share Story:

Recent Stories

Are property insurers ready for timber
The Structural Timber Association is gearing up to help all stakeholders in the construction supply chain to fully appreciate the advantages of building in timber, how to deliver such projects and most importantly to understand and manage the risks.

The changing face of BC and WAR
The working environment has changed quite dramatically for many over the last six months. With social distancing and the rise of homeworking, it is not just how businesses operate that has changed, but also how they recover. In this podcast we discuss some of the challenges created by the quick shift to home working, why the office may not have seen its last days and how the current environment can impact the ability of a business to recover.