With 2020 coming to an end, many of us are breathing a sigh of relief. To say that it has been a tough year would be an understatement. This has especially been the case for the cybersecurity field.
To paint a picture of the kind of year we’ve had, the Cybersecurity Breaches Survey 2020 is enlightening. The survey revealed that 46% of businesses and 26% of charities were victims of cyber threats at the start of 2020. This includes 75% of large businesses, 68% of medium-sized businesses, and 57% of charities.
With the pandemic, the cybersecurity landscape has changed to a great degree. Economies had to adapt to virtual and online tools and technologies to support business continuity. Accelerated digital transformation strategies meant an increase in the onboarding of new technologies.
Despite these trends, many lacked the time to engage in the required due diligence during the acquisition and deployment of these technologies.
As Deloitte’s global survey on third-party risk management (TPRM) revealed, the pandemic has emphasised our need to prioritise TPRM. Given the security lessons we’ve learned this year, let’s look at what we can do in the next.
Here’s our take on third-party vendor security predictions for 2021.
Phishing attacks will continue to rise
According to the Cybersecurity Breaches Survey 2020, the most common type of cyber threat businesses faced was phishing.
Over 80% of businesses and charities were victims of fraudulent emails and websites. This was followed, to a much lesser extent, by email impersonations and viruses, spyware, and malware.
With the increasing shift towards cloud-based services, this prediction is unsurprising for security leaders. This fact is also emphasised by the report published by Microsoft in June. It states that cybercriminals have aligned their phishing attempts with local interests and news.
If there’s one lesson we can learn from these statistics, it is the growing need to ensure continued vigilance across your vendor ecosystem.
We will continue to experience ransomware attacks
Ransomware attacks are a subset of malware attacks. They block user access rather than steal data in the background. This way, cybercriminals take control of organisational systems. They then demand a ransom to restore access to affected teams.
Ransomware has been identified as the fourth-highest cyber attack that impacted organisations in the UK. Specifically, ransomware was detected across:
- 16% of large firms
- 14% of medium-sized businesses
- 8% of charities
Given our dependence on cloud-based resources, adversaries are likely to continue to advance these threats. Due to the overwhelming need to maintain business continuity, hackers will increase their reliance on ransomware attacks.
Research supports this belief, with 46% of surveyed consumers wanting businesses to pay the ransom if their financial data is involved.
There will be an increase in cybersecurity testing across applications, networks, and devices
In recent years, we’ve witnessed a rise in BYOD policies. Given the new working practices we were forced to adopt this year, the importance of securing the remote workforce has heightened. Companies that implemented robust security controls for applications, networks, and devices were more prepared to tackle the security challenges of a remote workforce.
According to analysts, global trends show growth of more than 20% across the security testing market, which is expected to reach up to $16.9 billion between 2020 and 2025.
Ensure ongoing third-party vendor security with RiskXchange
If 2020 has proved anything, it is that next year we will encounter trends and developments that we haven’t foreseen.
Given our increasing reliance on cloud services, businesses are vulnerable to greater vendor risks than ever before. It’s very likely that we will walk into 2021 with new regulations and compliance laws for third-party risk management.
RiskXchange is a company founded and led by recognised experts within the security industry. They’ve held leading roles in companies like IBM Security.