What businesses need to know about cybersecurity challenges

A data-driven investigation into the threat landscape and how it’s changing

By WP BrandStudio

In December 2020, U.S. national security officials made a shocking announcement: the American government had been hacked. The cyber attack, which was attributed to a nation state actor that had leveraged a backdoor in network monitoring software, comprised a range of federal agencies and critical infrastructure. Even today, the scope of the breach remains unclear.

The hack is indicative of the current challenges organizations of all stripes face protecting themselves from bad actors. The extraordinary circumstances in 2020—a global pandemic that fundamentally reshaped how organizations operate—handed cyber adversaries opportunities to exploit the necessities of communication networks and provided rich targets in supply chains and critical infrastructure. In the current environment, third-party risk can certainly be anticipated, but the specific threats are harder than ever to predict.

To help meet the challenges of these times, IBM Security assesses the cyber threat landscape and assists organizations in understanding the evolving threats, their associated risk and how to prioritize cybersecurity efforts. In addition to the premium threat intelligence IBM Security provides to customers, the company analyzes a wealth of data to produce the X-Force Threat Intelligence Index, an annual check-in on the threat landscape and how it’s changing.

Among the trends that IBM Security tracked, ransomware continued its surge to become the number one threat type, representing 23 percent of security events X-Force responded to in 2020. Ransomware attackers increased the pressure to extort payment by combining data encryption with threats to leak the data on public sites. The success of these schemes helped just one ransomware gang reap profits of over $123 million in 2020, according to X-Force estimates.

Manufacturing organizations weathered a number of ransomware and other attacks in 2020. The manufacturing industry overall was the second-most targeted, after finance and insurance, having been the eighth-most targeted industry in 2019. X-Force discovered sophisticated attackers using targeted spear phishing campaigns in attacks against manufacturing businesses and NGOs involved in the covid-19 vaccine supply chain.

Threat actors were also innovating their malware, particularly malware that targeted Linux, the open source code that supports business-critical cloud infrastructure and data storage. Analysis by Intezer discovered 56 new families of Linux malware in 2020, far more than the level of innovation found in other threat types.

These findings help inform the challenges organizations can expect in the year ahead. In 2021, a mix of old and new threats will require security teams to consider a lot of risks simultaneously. One such risk is the likely persistence of extortion schemes; attackers publicly leaking data on name and shame sites increases threat actors’ leverage to command high prices for ransomware infections. Cybersecurity stakeholders should also expect threat actors to continue to shift their sights to different attack vectors—from Linux systems to IoT devices to cloud environments.

Yet organizations aren’t defenseless. Based on IBM Security X-Force findings, keeping up with threat intelligence and building strong response capabilities are impactful ways to help mitigate threats in the evolving landscape, regardless of which industry or country one operates in.

X-Force, for example, recommends that organizations of all sizes proactively plan for a ransomware attack. Regularly drilling a response plan—which should address blended ransomware and data theft extortion techniques—can make all the difference in how an organization responds in the critical moment. This response plan can be implemented as part of a zero trust approach that also includes multifactor authentication and data loss prevention solutions to protect against inadvertent or malicious insider threats.

There is reason to hope that 2021 will shape up to be a better year. Trends are notoriously hard to predict, but the one constant is change. Resilience in the face of rising and falling challenges in cybersecurity requires actionable intelligence and a strategic vision for the future of a more open, connected security. The 2021 X-Force Threat Intelligence Index delivers that, helping cybersecurity stakeholders understand where threats have been in the past year and prepare for whatever comes next.

IBM cybersecurity solutions are helping businesses thrive. Learn more.

This content is paid for by an advertiser and published by WP CreativeGroup. The Washington Post newsroom was not involved in the creation of this content. Learn more about WP Creative Group.