Cybersecurity remains a rapidly growing problem and a significant organizational threat.

Over 68% of business leaders believe their cybersecurity risks are increasing, despite their own mitigation strategies. Organizations will continue to face a constantly evolving threat landscape and increasing threat actor sophistication. Catastrophic supply-chain breaches in 2020 have made organizations begin rethinking which devices, software, and hardware are trustworthy in their environments. While nation-state actors with significant resources appear to have carried out the recent major supply chain attack(s), even "script kiddie" threat actors are expanding their capabilities and improving their techniques. Several trends for 2021 are on the horizon.

Ransomware Is Evolving to Data Exfiltration and Extortion

Historically, ransomware focused on infiltrating organization endpoints and locking the organization out of its own data. While temporarily paralyzing, organizations generally made it through those events by either paying the ransom or recovering their data from disaster recovery or backup media. Tactics have changed for many ransomware threat actors, however, and now many seek to exfiltrate data in addition to deploying ransomware. They do this so that if an organization fails to pay the ransom amount, they can fall back on the exfiltrated data to extort the organization. If the organization still fails to pay the new extortion ransom, the data is then leaked, usually on the Dark Web. In the first instance, effective incident management with experienced professionals is critical to managing your way through the incident. In the event of disclosure of data, many issues also arise, including potential disclosure of attorney-client communication, work product, trade secrets, and PHI/PII. Seyfarth's Carpe Datum Blog covers this specific situation in more detail.

Email Compromise Events Will Rise Along with Wire Fraud

Incidents involving threat actors gaining access to organizational email accounts will continue to rise in 2021. This increase can be attributed to password re-use, credential harvesting attacks, data leaks following a breach or extortion event, malware, phishing, smishing, etc.

The motivation for these attacks typically involves obtaining information that can be used to facilitate other types of attack. Threat actors steal signature lines, email recipient metadata, prior dealing information, and payment information. This allows a threat actor to set up convincing-looking emails/invoices to perpetrate bank fraud. This comes in the form of requesting that a fake invoice be paid or bank information changed. Unfortunately, this person-in-the-middle type of attack often goes undetected by the legitimate employees involved. In 2021, organizations should focus on employee training to increase awareness, sophistication, and "cyber-suspicion" of their employees. Organizations will benefit from taking a closer look at their email system logging to ensure that requisite logs are available to conduct investigations following a business email compromise.

Without logs, organizations may face greater costs by virtue of not knowing what data a threat actor took and may be misusing, leaking, or selling on the Dark Web.

Importance of Training Is Increasing

Technological solutions alone cannot prevent cybersecurity threats, and employees will routinely be fooled by clever attacks. However, employee training will remain critical. Many of the most successful hacks to date have started with social engineering. Whether phishing, smishing, link-clicking, or myriad other methods, employees who are well trained will help their organizations avoid costly cybersecurity events. While technology advancements in early detection and containment will continue in 2021, the human elements in an organization cannot be abandoned. Reputable cybersecurity training providers will likely see an uptick in business as organizations move to defend their perimeters.

Cybersecurity Insurance Coverage

Due to the rise in claims, cyber insurance coverage is undergoing a transformation in covered events, limits on liability for certain classifications of events, and rising prices to match the increasing threat level and number of claims being paid out. It's critical in 2021 that businesses re-evaluate their coverage and make sure adequate protections are in place in the event of a cybersecurity event. Organizations will see more value in working with brokers who understand the threat landscape and organizational needs. This year may not be the year for alignment on cybersecurity policies within the insurance industry. Organizations will still have different coverage options, limits, included services, terms, self-insurance amounts, and rates depending on who their broker is and whether the underwriters of the policy truly understand the organization and its risk. We anticipate underwriters will ask harder questions of organizations in the renewal process. They may ask for proof of cybersecurity risk assessments, penetration tests, NIST (or other framework) compliance, etc. Organizations that rely solely on cyber insurance coverage as their threat mitigation strategy may see their coverages shrink and rates increase.

Business Annoyance/Nuisance Threats

Aside from direct threats, organizations will find themselves fending off more annoyance and nuisance-type threats. These can take the form of unemployment insurance scams, 401k fraud / withdrawal scams, mass fake LinkedIn profile scams, doppelganger website scams, etc. While many of these get detected, they still drain resources from an organization and will continue to do so in 2021. Seyfarth's Carpe Datum Blog dives deeper into the COVID-19 unemployment scams organizations currently face.
