With the recent deployment of a vaccine comes the promise of a post-COVID economy in the near future. While the health threat of COVID-19 may dissipate, the pandemic will have a lasting impact across most, if not all industries, and the agriculture and construction equipment (AG/CE) and cybersecurity industries are no different. If we’ve learned anything from the past year, it’s that the future can be difficult to predict; however, based on our current course, these are four cyber trends and threats that are likely to have the most considerable impact on the AG/CE industry in 2021 and beyond.
1. Ransomware Prevails as the Largest Security Threat
Ransomware is expected to continue as the most significant cyber threat and financial risk for organizations in 2021 and beyond. According to security firm Group-IB, in 2020 alone, ransomware attacks resulted in over $1 billion in economic damage across all industries (although this number is thought to be much higher due to the number of unreported cases). Attackers are becoming more organized, sophisticated, and patient, using more effective ways to infiltrate your network, identify high-value targets, and infect them with ransomware. For this reason, the above figure is expected to continue growing year over year.
A common trend in the AG/CE industry has been the expanded number of devices on an organization’s network and increased reliance on cloud systems and Internet of Things (IoT) technology, allowing devices and software to operate and communicate via the internet without human interference. These systems can be challenging to protect due to their large attack surface. Because of their interconnectedness, ransomware implementation on these systems can be widespread, compromising essential equipment and causing the loss or leak of valuable and confidential information. Security monitoring, detection, incidence response, and disaster recovery planning, are and will remain the best ways to prevent and mitigate damages associated with ransomware attacks in 2021 and for years to come.
“The enormity and sophistication of cyber threats facing organizations today require a strategic integrated cybersecurity approach. This approach must include processes that enable day to day monitoring, detection, and incident response with an effective risk management program.”
Donald Ainslie, Secuvant’s current EVP of Risk Advisory Services
2. Breaches Sustained Through Third-Party Vendors
If the recent SolarWinds breach has taught us anything, it’s essential to implement proper vendor management and to vet your organization’s third-party vendors. The SolarWinds breach will have security implications for organizations across all industries due to its widespread nature, and its extent continues to broaden as more information comes to light. It’s estimated that around 18,000 customers have been affected, including tech giants Intel, Cisco, VMware, and Nvidia, and the cleanup from this breach will likely take most of 2021.
It doesn’t stop there, however. It’s important to note that, in general, breaches occurring via an organization’s vendors are common. Because of this, securing your network may only go so far. When working with third-party vendors, it’s essential to ask who has access to your data, what they can do with it, and are they “trusted”? Understanding your data’s value will be crucial to avoid underestimating the extent to which access to your company’s data can impact your organization this year.
3. Cloud and Remote Service Attacks
The adoption of cloud technologies to optimize efficiency and remain competitive is becoming unavoidable regardless of your industry. COVID-19 has exacerbated this trend, and organizations are quickly switching more of their systems over to the cloud. Contrary to what one may think, protecting these systems is not the cloud service provider’s responsibility but rather your organization. Therefore, switching over to the cloud requires a thorough rethinking of your security strategy and infrastructure.
Cloud systems inherently have a large number of points where attackers can attempt to breach your network. Cybercriminals are taking note of this, and failure to vigilantly monitor these systems could spell disaster for your organization’s network. Also, without monitoring and proper vetting, misconfigurations of your network will go unaddressed, leaving unencrypted data open to the public internet. Over time, these scenarios inevitably lead to data breaches. Cloud security in 2021 is essential to thwarting attackers and maintaining your organization’s cloud systems and smooth business operations.
4. Shift to a Mobile and Remote Workforce
To stay operational during the COVID pandemic, most businesses adopted some level of remote work. In a post-COVID work environment, this trend will remain, as 70% of organizations expect at least a third of their remote workers to remain so in the coming 18 months, according to a survey conducted by Skybox. Companies will need to adopt permanent solutions to protect these additional endpoints in 2021 if they plan to continue operating with remote workers.
Remote workers introduce additional risks to an organization as employees are more likely to cause an accidental breach, for instance, by opening a phishing email when working remotely. On top of this, employees now have access to a wealth of information when working remotely without the same level of monitoring. Further complicating this situation is that the additional endpoints introduced by remote workers could be anywhere or on devices that your organization doesn’t control, as even before the pandemic, approximately 82% of companies enabled bring your own device (BYOD) for employees and stakeholders; however, 72% lacked malware protection entirely or relied on endpoint software installations. As this trend continues to grow, providing proper and specific cyber training for remote workers and addressing remote work’s security implications will be essential for companies to remain protected in 2021 and beyond.
These trends and threats are expected to continue through 2021, but just like in 2020, new threats are sure to arise. Thus, it is now more important than ever to be proactive when addressing your company’s cybersecurity needs. Secuvant can help address those needs and provide your organization with security and clarity during these uncertain times. We personalize our offering based on your business and align with your budget requirements to find specific solutions that work for your organization. Regardless of the threat, Secuvant is here to provide superior cyber protection for your organization.
Located in Salt Lake City, Utah, Secuvant is a global leader in integrated cyber threat analytics and risk advisory services, built on a value system of client focus, integrity, accountability, execution, and teamwork. Secuvant’s mission is to provide clients with a Clear Path Forward in their pursuit of establishing an acceptable security risk posture. Secuvant’s success is built upon strict adherence to its values, a functioning world-class advisory board, the unique combination of cybersecurity expertise and industry / vertical specialization, and a team of experts that repeatedly deliver best-in-class managed and advisory cybersecurity and risk services. Secuvant understands Cyber Risk is Business Risk™ and uses methodologies and metrics aimed at minimizing business risk. Services include, but are not limited to, Security Gap and Risk Assessments, Risk Program Management, Executive and Board Cyber Advisory, Penetration Testing, Security Monitoring, Managed Detection and Response and Incident Response services. To learn more, visit www.secuvant.com.