{"id":30887,"date":"2021-02-11T09:59:01","date_gmt":"2021-02-11T16:59:01","guid":{"rendered":"https://www.webroot.com/blog/?p=30887"},"modified":"2021-02-11T11:58:47","modified_gmt":"2021-02-11T18:58:47","slug":"how-it-will-prevail-in-the-2021-cyber-demic","status":"publish","type":"post","link":"https://www.webroot.com/blog/2021\/02\/11\/how-it-will-prevail-in-the-2021-cyber-demic\/","title":{"rendered":"How IT Will Prevail in the 2021 Cyber-Demic"},"content":{"rendered":"\n<p>While we can all rejoice that 2020 is over, cybersecurity experts agree we haven\u2019t seen the last of the pandemic-related rise in cyberattacks. Throughout the last year, we\u2019ve seen <a href=\"https:\/\/www.webroot.com\/blog\/2020\/09\/23\/unexpected-side-effects-how-covid-19-affected-our-click-habits\/\">huge spikes<\/a> in phishing, malicious domains, malware and more, and we <a href=\"https:\/\/www.webroot.com\/blog\/2020\/12\/14\/remote-work-is-here-to-stay-and-other-cybersecurity-predictions-for-2021\/\">don\u2019t expect that to slow down<\/a>. As employees around the world continue to work from home, 2021 is shaping up to be another year of record highs in terms of malicious online activity.<\/p>\n\n\n\n<h2>What is the cyber-demic?<\/h2>\n\n\n\n<p>Cybercriminals have always been opportunistic, taking advantage of all possible avenues that disrupt businesses, steal data, trick end users, and more to turn a profit. As the <a href=\"https:\/\/mypage.webroot.com\/threat-report.html\">threat reports<\/a> Webroot produces each year have shown \u2014 not to mention the increasing number of major hacks in the headlines \u2014 threats keep evolving, and their growth is often exponential. That means even before the pandemic, cyberattacks and resulting data loss were already becoming a case of \u201cwhen,\u201d not \u201cif.\u201d<br><br>Still, the COVID-19 pandemic brought unprecedented surges in threat activity as cybercriminals capitalized on chaos and security gaps caused by the switch to WFH. Particularly by targeting vaccine production and distribution, COVID-19 trackers, videoconference applications, and other pandemic-related topics in their scams, criminals have upped the ante on what would have already been a record year; hence \u201ccyber-demic.\u201d<\/p>\n\n\n\n<p>What types of malicious activities should we expect?<\/p>\n\n\n\n<p>\u201cIt\u2019s all about data,\u201d says Matt Seeley, senior solutions consultant at Carbonite + Webroot, OpenText companies.<\/p>\n\n\n\n<blockquote class=\"wp-block-quote\"><p>\u201cWhether you\u2019re a business or an individual at home, your data is important to you. Not having access to corporate data can put companies out of business. Not having access to your personal files can also have devastating consequences. The scammers know how important data is. That\u2019s why stealing it, misusing it, holding it for ransom, or threatening it in some other way is such an effective way to get what they want \u2013 i.e., the money.\u201d<\/p><cite>\u2013 Matt Seeley, sr. solutions consultant, Carbonite + Webroot, OpenText companies<\/cite><\/blockquote>\n\n\n\n<p>Recent trends in ransomware back up these insights. Thought to be pioneered by the <a href=\"https:\/\/www.webroot.com\/blog\/2021\/01\/13\/maze-ransomware-is-dead-or-is-it\/\">Maze ransomware group<\/a>, a new tactic emerged in 2020 in which ransomware authors changed their business model. Instead of infiltrating systems to encrypt data and demand a ransomware to unlock it, they instead encrypted the data and further incentivized ransom payment by threatening to expose that data if the victim chose not to pay. Using leak\/auction websites, criminals can display or auction off victim\u2019s data to the highest bidder; the cake-topper here is that organizations that are subject to privacy regulations, such as GDPR, PCI, etc., would also have to pay the fines associated with improperly securing sensitive data.<\/p>\n\n\n\n<p>Additionally, the <a href=\"https:\/\/www.carbonite.com\/blog\/article\/2020\/10\/modular-malware-for-the-modern-world\">modular nature<\/a> of modern malware means many malware groups are teaming up to increase their chances of a successful payday. For example, a phishing email might drop a botnet\/Trojan that listens for domain credentials. Once the criminals have domain credentials, they can disable security and\/or tamper with backups. That way, when they eventually drop ransomware, businesses may have no choice but to pay, since their backups are also compromised.<\/p>\n\n\n\n<h2>How IT will Prevail in 2021<\/h2>\n\n\n\n<p>\u201cThe answer, once again, is data,\u201d says Seeley, \u201cthough, in this case, it\u2019s part of overall cyber fitness. If your data isn\u2019t secured, properly segmented, backed up and tested, then 2021 is likely to be a bad year.\u201d<br><br>Stressing the need to combine <a href=\"https:\/\/www.webroot.com\/us\/en\/business\">comprehensive cybersecurity layers<\/a> with <a href=\"https:\/\/www.carbonite.com\/products\/carbonite-products\">proven backup and disaster recovery solutions<\/a>, Seeley explains, \u201cTo bring your cyber fitness up and become more resilient, I recommend businesses start off by assuming they will definitely get breached this year, even if they\u2019ve been lucky and have never been breached before. Once you accept that as your foundation, you can prepare for it. It\u2019s that preparation that\u2019s going to be key.\u201d<br><br>Here are his top 3 tips for businesses to stay safe.<\/p>\n\n\n\n<ol type=\"1\"><li><strong>Know your data.<br><\/strong>\u201cThis is the #1 most important advice I can offer. You can\u2019t secure data if you don\u2019t know where it lives or how important it is. The folks who don\u2019t know their data, who don\u2019t know all the places it resides, how up-to-date it is, or what kind of security it needs, are the ones who are going to suffer the worst if they get attacked or experience some kind of physical damage, like hardware failure or a natural disaster. They\u2019re the ones who, even if they have backups in place, will go to restore their data and realize they don\u2019t have the right information after all. You don\u2019t want to have to learn that the hard way.\u201d<\/li><li><strong>Classify your data.<br><\/strong>\u201cThis is part of knowing your data. If you accept that the data breach is going to happen sooner or later, then you need to know which data is mission-critical to get through your day, vs. other historical data that is nice to have, but won\u2019t make or break your business if you lose access for a little while. Once you know the timing of which systems and data need to be available this second and which ones can wait a few days or weeks, you can properly plan your disaster recovery strategy and choose the right backup solutions and schedules.\u201d<\/li><li><strong>Test your data recovery plan.<\/strong><br>\u201cThe biggest obstacle to your cyber fitness is overconfidence. Just because you have antivirus and backups doesn\u2019t guarantee your protections will be there and functional when you need them. Bad actors are going to keep getting craftier. They\u2019re going to keep finding new ways to target data. You need to regularly monitor and test your backup and disaster recovery strategy to ensure that your data is exactly as safe and available as you need it to be.\u201d<br><br>For more details on stress testing your disaster recovery plan, read <a href=\"https:\/\/www.carbonite.com\/blog\/article\/2021\/01\/backup-and-disaster-recovery-testing-how-to-make-sure-you-can-recover-when-it-matters\">his blog on the subject<\/a>.<\/li><\/ol>\n\n\n\n<p>While these tips apply more to businesses than home users, Seeley says the same fundamental principles apply to anyone. \u201cThink about all the data you could lose if your personal computer crashed right now and the hard drive died. Do you have it backed up? Are those backups secure? Do you know all the places your data lives? Do you have protection for it? Whether you\u2019re a business, an MSP, a regular person at home, a student\u2026 These are the types of questions we should all be asking ourselves, so we can all be more resilient in this cyber-demic.\u201d<\/p>\n","protected":false},"excerpt":{"rendered":"<p>While we can all rejoice that 2020 is over, cybersecurity experts agree we haven\u2019t seen the last of the pandemic-related rise in cyberattacks. Throughout the last year, we\u2019ve seen huge spikes in phishing, malicious domains, malware and more, and we don\u2019t expect that to slow down. As employees around the world continue to work from [&hellip;]<\/p>\n","protected":false},"author":151,"featured_media":30889,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[3005],"tags":[],"yst_prominent_words":[3769,22535,25763,3715,22545],"acf":[],"_links":{"self":[{"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/posts\/30887"}],"collection":[{"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/users\/151"}],"replies":[{"embeddable":true,"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/comments?post=30887"}],"version-history":[{"count":3,"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/posts\/30887\/revisions"}],"predecessor-version":[{"id":30895,"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/posts\/30887\/revisions\/30895"}],"wp:featuredmedia":[{"embeddable":true,"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/media\/30889"}],"wp:attachment":[{"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/media?parent=30887"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/categories?post=30887"},{"taxonomy":"post_tag","embeddable":true,"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/tags?post=30887"},{"taxonomy":"yst_prominent_words","embeddable":true,"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/yst_prominent_words?post=30887"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}