The spike in cybercrime that we faced in 2020 might repeat itself in 2021, only with more intensity, experts at management consulting company McKinsey claim. It means that we will continue seeing the rise of ransomware attacks, and remote workers will be on cybercriminals’ radar. But there is something companies can do to avoid 99.99% of cyberattacks.
The world was not prepared for mass remote working, and therefore there was a sharp uptick in cyberattacks last year. As the pandemic is not over yet, remote work will continue through most of 2021. While it prevents the disease from spreading at an even more alarming pace, remote work certainly is a headache for many companies. Some of them might have matured cybersecurity-wise, but cybercriminals also took their time to learn and upgrade. Therefore, home applications and networks might be an easier target this year.
Ransomware will continue to pose a significant risk to businesses and countries. In 2019, there was only one ransomware group exploiting double-extortion tactics. Last year, 15 cybercriminal gangs were already doing so. With the UK NHS, Microsoft, SolarWinds, New Zealand Stock Exchange, and Twitter suffering major hacks in 2020, ransomware is considered to be not only a business risk but a national security risk. Ransomware attacks are expected to intensify this year.
According to McKinsey experts, some attacks might take 200 days to detect. On average, companies can identify a breach only after 2-6 months. “That’s the level of security we have,” McKinsey claims.
Companies have not taken enough precautions to secure themselves from cyberattacks. The best defense comes down to basics, such as patching on time, using multi-factor authentication, changing passwords regularly, etc. But a surprising number of companies still aren’t used to some basic cyber hygiene.
According to McKinsey, only 11% of cloud users use multi-factor authentication (MFA), which is considered to be the most effective tool against cyberattacks. 99.99% of cyberattacks can be prevented by using MFA. MFA is an electronic authentication method in which a user is granted access to a website or application only after successfully presenting two or more pieces of evidence to an authentication mechanism. The evidence falls into three categories: knowledge (something you know), possession (something you have), and inherence (something you are).
The truth is, once cybercriminals find out you are not an easy target, they usually move on. The exception is when you are somehow of high interest to them, in which case they could exploit some other ways to hack you.
Here are McKinsey’s top 5 cybersecurity predictions for 2021:
- CISOs will seek convergence across solutions. They will look for different solutions to work well together.
- MFA services will become necessary for RDP (Remote Desktop Protocol) access. MFA services might become mandatory.
- Remote employees will be the target for cybercriminals.
- Unsecured VPN access will be a gateway to vulnerability.
- Ransomware attacks are likely to intensify.
Therefore, McKinsey recommends considering a zero-trust approach, conditional access, mandatory MFA, and endpoint security, and having backup and recovery plans ready.