2021 was yet another year full of infections. The damage by Malware and Fraud should keep going through this year with nuances, which we predict here.
When we entered 2021, we had high hopes that we could leave behind the COVID-19 pandemic. Unfortunately, 2021 proved to be another difficult year for health and the economy.
In October, the Department of the Treasury reported that the suspected ransomware payments in the first six months of 2021 reached $590 million. With cybercriminals continuing to take advantage of the disruption, we must prepare to go through this year with caution. Here are trends in email security:
1. Shorter lifespans of fraudulent email attacks
Email attack cycles used to take weeks; now the attack infrastructure can be built in a matter of a few hours. Once an email domain has been blacklisted for fraudulent activity, it’s easy and cheap to purchase a new one for a few dollars – shortening the email attack cycle. And as a new domain with a clean record, these domains easily pass email security reputation checks. This means that the reputation based ecosystem will face new challenges in tracking recently created domains and activity.
2. Cyberattacks focusing on remote workforce and technology
We all know the pandemic has forced to think creatively to minimize business disruption, forcing many companies to implement remote workforces and use online collaboration tools. 2 years into the pandemic was enough for attackers to know which changes to explore (and exploit):
In a survey, 65% of IT and security professionals said it was easier to protect company data when employees work in the office. And much of the concern is focused on the bad cybersecurity habits that employees have picked up while working remotely, which make them more vulnerable to phishing attacks. These habits include responding to emails after hours and in a hasty way, working under unprotected LANs, diluting their personal and work environments, and finding more time to be on social networks and e-commerces.
3. Targeting identities over devices
There was a time when attackers focused on gaining access to devices by exploiting system weaknesses. Once the attacker gained control of the device, they could perform any desired action. While this still happens, hackers have also increased focus on impersonating individuals, including regular consumers. Successful impersonations have resulted in wire fraud scams. At the start of 2021, Business Wire reported that the total identity fraud losses has reached $56 billion in 2020 with identity fraud scams accounting for $43 billion of that total.
4. Evolving cybersecurity awareness training
Bringing Cybersecurity to the Executive board used to be a trend thing to say but now, with all the evidence of "destruction" caused by ransomware, digital fraud, and brand abuse, there really is no other way. And with 68% of business leaders recognizing the increasing cybersecurity risks and 95% of cybersecurity breaches resulting from human error, we can expect to see more organizations focusing on cybersecurity awareness and training. Considering the rising frequency of cyberattacks, companies will likely also increase the regularity of cybersecurity awareness and training programs.
5. Increasing cybersecurity budget
For many companies, cybersecurity is not a part of the regular budget. However, the past years have seen an uptick in cybersecurity budgeting as organizations have recognized the crippling impacts of an attack. According to the Neustar International Security Council (NISC), a poll involving 302 IT security professionals revealed that 81% would be increasing their IT security budgets in 2022 by between 31 and 50%.