Almost to the end of 2020! Cybersecurity is an essential focus for companies entering the new budget cycle following the advent of the “New Normal”. It is important to know what you might need to adjust for 2021.
1. Growing Emphasis Toward Consumer Privacy
When the General Data Protection Regulation (GDPR) was enacted by the European Union (EU) in 2016, companies all over the world scrambled to ensure compliance. However, not everyone had to – companies without clients or customers in the EU weren’t expected to participate. Similarly, most countries in Asia have rolled out compliance requirements this year. One of the post important compliance requirements, PCI or PCI-DSS, was only completed by 39% of companies.
Individual states in the US are now changing that. For example, the California Consumer Privacy Act (CCPA) rolled out in 2019 with a compliance date of January 2020. It requires companies to provide transparency in how they collect, share and use consumer data. Expect more similar regulations from other states in 2021.
2. Growing Attack Surface Areas
Cybersecurity is an increasing concern as more organizations enable access to information by moving data to the cloud. Cloud applications are easier to spin up and deploy which means that the number of exposure points in a business infrastructure is growing substantially. A favorite new term is “everything is an endpoint”
A new cloud application or infrastructure deployment widens a company’s attack surface area. Companies try to keep up but may be unable to comply with the security measures needed to protect these new apps, increasing exposure to cyberattacks. It is also important to understand where the cloud providers responsibility ends and yours begins.
3. Bigger, More Devastating Attacks
Cybercrime is anticipated to cost the global economy $6 trillion in 2021. This year, we watched cyber attacks affect significant companies, ranging from Capital One to University of California. October 8, 2020 has already seen 15 data breaches.
Cyberattacks are the speediest growing crime in the world. Every company should understand that it is a when the breach occurs not if. And as we enter 2020, Cybercrime will continue to grow in number and scope as attack surfaces widen due to the expanded remote access, so every company must end 2020 by evaluation of the necessary precautions.
4. More Attacks on Mobile Device
One-third of organizations suffer a data breach due to mobile devices. Many companies now know to protect their on-site systems, but have yet to take precautions with their mobile assets. In fact, according to a study by Verizon, 80 percent of respondents felt their companies were at risk of mobile attacks.
The most worrisome mobile threats include:
- Data leakage due to 3rd parties being breached via social engineering
- Out-of-date devices such as the iPhone 6 and Samsung 8
- Weak passwords
- Working with weak home WiFi
5. Greater Susceptibility of IoT Devices
According to multiple sources about 30 billion devices will be connected to the Internet of Things (IoT) by 2021. People increasingly use IoT devices in the home, workplace and hospitals. Unfortunately, they’re not always secure or developed by a reliable vendor.
The FDA released warnings about cybersecurity vulnerabilities for IoT. A recent “URGENT/11” notice explains that, if exploited by a remote hacker, the IoT device could introduce serious risks for medical devices and hospital networks. What makes the IoT vulnerable? A few thoughts:
- Outdated privacy protections
- Insecure network systems
- Weak passwords
- Device mismanagement
- Unguarded backend systems
6. Move Toward More Secure Two-Factor Authentication
SMS is not always the safest option for two-factor authentication. For example, people can hijack a text by using SMS swapping. So more companies are moving toward a two-factor authentication that requires a secondary code that only you know or a simple tap on your secondary device.
With so many data breaches over the years, keep an eye out for such stronger security measures as we move into 2021.
If 2020 increased any need, it is Organization Wide Cybersecurity Training
Cybersecurity is a threat to every company in the world. Now that remote has shifted from 20% to 80% it is past time you take steps to ensure it does not affect your organization.
To do that, your entire team must be prepared. Update everyone’s needs cybersecurity training from Sparity. Our staff has vast knowledge to make 2021 your most secure year yet.
Contact us today and take a look at our cybersecurity offerings to get started.