The pandemic fundamentally changed the way we work and at the same time opened a massive gap in cybersecurity. This was highlighted by a seemingly never-ending news cycle of high-profile breaches at organizations that were not equipped to adequately secure their sensitive data from unauthorized access in this new work environment, leading to a rise in cybercriminal activity.
Most enterprises were forced to quickly adopt cloud solutions to facilitate remote working conditions but without the added safety net of corporate firewalls, their cybersecurity posture left them vulnerable to attacks. The repercussions were felt worldwide and are still affecting many industries. So, what are the notable trends that have developed over the past year of remote work, and are they still threatening organizations throughout 2021?
Data Breaches on the Rise - Especially in Healthcare
The Identity Theft Resource Center (ITRC), a nationally recognized non-profit organization established to support victims of identity crime, released its U.S. data breach findings for the first half (H1) of 2021. The results show that Q2 of 2021 has, so far, seen data breaches increase by 38%. This number is only predicted to continue rising, and not just in the US.
The Middle East has also suffered rising rates in cybercrime; a direct consequence of the thriving economy. Between May 2020 and March 2021, $6.93 million was lost to data breaches throughout the region. Unfortunately, healthcare providers were often at the end of these attacks across the world, incurring the highest per incident cost by industry. This is particularly concerning when considering the crucial role of healthcare services during a global pandemic as well as the highly regulated and sensitive nature of personal health information (PHI).
Additionally, in the UK, a total of 2552 data security incidents were reported to the Information Commissioner’s Office (ICO) in the last quarter, according to the recently released data security incident trends report. The top three affected industries were healthcare (607 incidents), education and childcare (322 incidents), and retail (240 incidents).
On top of this, the manufacturing and utilities industries, along with professional services, continue to experience significant attacks, as cybercriminals target critical infrastructure entities. Attackers are also targeting organizations that have not implemented proper data security measures such as pseudonymisation or tokenization. These data-centric principles render data in any form worthless to hackers by substituting the sensitive information with a non-sensitive replacement or “token.” This facilitates data analytics while securing your information from unauthorized access.
Phishing & Ransomware Becoming More Common
Phishing is another trend that saw an uptick of both successful and unsuccessful attempts this year. Cybercriminals utilize social engineering techniques in order to infiltrate organizations that process sensitive data. This trend has also become particularly prevalent throughout the Middle East, with over 2.57 million phishing attacks detected across the region. This was exacerbated by the pandemic, as employees were more likely to open malicious emails and put at risk company sensitive information. While it is often said that humans are the first line of defense when it comes to data security, it was clear many workers lacked the necessary cybersecurity awareness training to help protect their networks.
Intricately linked with phishing is ransomware, and the number of recent attacks has skyrocketed. To name a few instances, 2021 saw the attack on Colonial, the largest US fuel pipeline, CO SAOG, the largest insurance company in Oman, and JBS Foods, a top global food company. Overall, there were 144 incidents of ransomware reported in the UK at the start of this year, 17 of which hit the education, 15 the legal and 32 the retail and manufacturing sectors: industries that all store sensitive data. Attacks such as these allow hackers to gain access to valuable data, which they often threaten to expose online if their extortionate demands are not met. As such, implementing a data-centric security strategy that focuses on securing the data instead of its perimeter, can prevent suffering an immense data leak and putting individuals at risk of fraud or identity theft.
The predictions for the US, UK, and Middle East indicate that if these trends continue, 2021 will set a new all-time-high record of high-profile data compromises. If the pandemic has taught us anything, it is that data security must be taken more seriously and that no company is safe from breaches, no matter the size or industry.