2021 Trend Forecast: Security Awareness Training May Become an Important Indicator for Enterprise Assessment

KnowBe4, the world’s largest provider of security awareness training and phishing simulation, recently released a 2021 cybersecurity trend forecast report.

The company’s cybersecurity experts from all over the world jointly made predictions on trending topics such as phishing attacks, ransomware, account security threats, and security awareness training.

Taken as a whole, their forecasts reflect the new social trends of the current period. For example, the series of impacts caused by the COVID-19 pandemic has made it increasingly likely that hackers will exploit vulnerabilities and launch attacks. The experts also reminded people to pay attention to technological progress, saying that technological development will inevitably bring new malicious threats. Emerging technologies such as cloud services, QR code scanning, and mobile banking may all harbor risks.

Highlights from KnowBe4’s forecast report include:

Remote work security:

The coronavirus is forcing organizations of all kinds to move to new mechanisms for remote work. Investments in safety and security for the remote workforce will increase in the coming year. Organizations need to review from the bottom up which security controls are working and which are not, and that’s more difficult than most people realize. The future is likely to see better and more efficient communication, training and security tools. “A well-crafted supply chain attack will target employees working from home,” said Kevin Mitnick, Chief Offensive and Defense Officer at KnowBe4. For example, a “telco operator” sends a target a so-called “latest, faster router” with a backdoor buried in it.

Mobile Banking Attacks:

Trojans and malicious applications targeting mobile banking have increased. Especially in Africa, mobile users lack security awareness, and new solutions are urgently needed to protect mobile banking and the users who conduct financial transactions on personal mobile devices.

Cybersecurity Awareness Training:

The topic of cybersecurity awareness training continues to advance. Last year’s forecast report couldn’t delve into this area of focus, as we haven’t seen companies incorporate metrics such as cybersecurity training, behavior and reporting into KPIs. But since the release of the Australian Cyber Security Strategy 2020, I am convinced that the dialogue will gradually become more common, which will also make security awareness training an urgent need.

Ransomware:

Ransomware attacks will continue to worsen, with attackers using stolen data and employee credentials to force victim organizations to pay. For now, good backups and tested recovery mechanisms are no longer sufficient to prevent ransomware attacks.

Cybercriminals continue to increase the ransom amount and demand an additional payment from victims to delete the copies of the data that the attackers hold. If the ransom is not paid, criminals could create an e-shop-like platform that exposes the stolen database to the general public.

Multi-factor authentication violations:

With the widespread use of multi-factor authentication mechanisms, people are gradually realizing that it does not really stop hackers. In fact, once hackers realize that users are using some type of multi-factor authentication scheme, they use this sense of trust to bypass current protections.

Industrial Control Systems:

Attacks on industrial control systems (ICS) will continue to increase as a way to invade power generation facilities or disrupt the normal operations of manufacturing companies. Cybercriminals will continue to devise and attempt various attacks on ICS in an effort to disrupt a nation’s power grid, water treatment facilities, or other critical manufacturing facilities.

Mobile Device Attacks:

Consumers will see an increase in WhatsApp and SMS fraud. In addition, cybercriminals will demand higher ransom amounts and use more subtle and sophisticated methods to direct victims to pay the ransom.

Security culture:

Beginning in 2021, security culture terms and concepts will become pervasive across the industry. A deeper understanding will then help all types of organizations form a clear picture of internal human risk factors, and ultimately lead to a more comprehensive and complete security plan.

QR code phishing:

QR code phishing will become a common and risky attack vector. This theoretical threat has existed since the birth of QR codes. But in 2020, we found that the full popularity of QR codes is starting to really turn into a risk. Users have become accustomed to using the camera on their smartphone to automatically detect and navigate to websites embedded in QR codes. For attackers, this would be a tantalizing and potentially rewarding opportunity.

Phishing:

As the world gradually returns to the office and traditional workplace, there will be a new wave of phishing attacks. Just as with the initial shift to working from home, employees are eager for news about returning to the workplace. Attackers will no doubt exploit this thirst for information. By 2021, the massive spear-phishing attack surrounding a Covid-19 vaccine is likely to have the highest click-through rate ever recorded.

Internet of Things:

2021 will also see multiple major security incidents related to IoT devices. Unlike the typical past scenario of using IoT devices to launch DDoS attacks, this time the problem may stem from IoT devices being used to cause major damage.
