As organizations scrambled to respond to new demands imposed by new ways of working, their corporate internal and external cybersecurity systems became especially vulnerable to heightened risks and costly fraudulent activity. The rapid shift to work-from-home models spurred accelerated digital transformation, widespread cloud migration, changing regulatory compliance requirements, and a remote workforce that was more susceptible to phishing, online purchase, and employment scams.
Organizations weren’t the only ones adjusting their behavior in response to the pandemic; cybercriminals capitalized on the vulnerabilities exposed by the changing workforce. Cybercriminal actors took advantage of the pandemic to distribute coronavirus-themed phishing scams, install malicious coronavirus apps, hijack pages, steal medical ID information, and target inundated industry verticals in the healthcare and pharmaceutical industry.
Nefarious characters continue to take advantage of outdated applications and legacy platforms, leaving slow-moving organizations exposed to more significant risks than their digital-first peers. According to the NTT DATA’s Executive Guide to the 2021 Global Threat Intelligence Report, work-from-home and remote access are magnifying web and application attacks and malware continues to evolve and become more diverse. As a result, 83% of organizations have entirely rethought their IT security to accommodate new ways of working and 54% of organizations said they would never return to their pre-pandemic operating model.
My 30 years of experience working in the banking and financial services industry — and the findings from NTT DATA’s recent report — coalesce to help me outline the five key risks organizations face in a post-2021 landscape.
1. Increasingly innovative adversaries
Cybercriminals and their methods are maturing at the same rate as technology. Innovative adversaries are well-versed in advanced technologies and sometimes recruited from some of the world’s top universities to use their specialized skills to commit cybercrimes. They are more than capable of leveraging artificial intelligence, bots, and machine learning to enable crime and even automate attacks. Some organizations are more vulnerable than others, especially those with outdated networks, operating systems, application configuration, testing, and security controls. Organizations should be careful not to underestimate the capabilities of online criminals in today’s digital-first landscape.
2. Leveraging old vulnerabilities
Outdated legacy systems and processes are more prone to cybercrime. Attackers identify old platforms and capitalize on vulnerabilities. For example, according to the 2021 Global Threat Intelligence Report, application-specific attacks accounted for 35% — and web-application attacks accounted for 32%— resulting in a combined total of 67% of attacks. The report also found that organizations are trying to modernize their businesses by enabling effective digital transformation to respond to the scale of threats. Organizations that fail to keep up with digital acceleration and platform modernization could be subject to inconvenient and expensive consequences.
3. The weaponization of IoT
Cybercriminals use malware to turn networked devices running specific programs into remote-controlled bots that act as part of a large-scale network attack. Criminal actors also use malware like the Mirai, IoTroop, and Echobot to target online consumers’ devices. IP cameras and home routers can all be at risk through the weaponization of IoT. Additionally, the increasingly remote workforce is at high risk for network manipulation — the most common type of attack in the technology industry in the Americas. Although IoT is an essential tool for success, organizations must remain diligent in preventing malware from infiltrating their systems.
4. Compromised content management systems
Content production is essential for organizations, so content management systems (CMS) are popular targets for malware activity and web-application attacks. A popular platform called Joomla! It is now recognized as the most frequently attacked platform, accounting for more than 45% of all attacks. As a result, organizations must be hyper-aware of the CMS platforms they connect to their sites and safeguard their information. Not only can a web application attack compromise your company’s information, but it can also breach your customers’ private information and severely impact trust, loyalty, and brand reputation.
5. Increasing governance, risk and compliance (GRC) initiatives
The regulatory landscape is dynamic and complex and continues to influence the ways organizations manage their data and privacy processes. A series of emerging privacy acts and protection laws are forcing organizations to adapt. In addition, various government bodies encourage organizations to monitor the threat landscape and comply with new regulations that aim to offset phishing campaigns, ransomware, DDoS attacks, and other online crimes. As organizations implement new technologies and ways of working, partnering with experts in regulatory compliance help leaders identify gaps in their current processes and change to comply with continuously changing guidelines.
Protect your assets, customers, and reputation from today’s top risks
How can organizations and leaders respond to today’s unpredictable risk management and regulatory environment? It’s possible to respond to threats to your business before it’s too late, with proactive strategies, technologies, platforms, and processes that mitigate the fraudulent activity, safeguard your organizational systems and make regulatory compliance timely and straightforward.
Fecha de publicación: 14/10/2021