Virtualization Technology News and Information
SlashNext 2021 Predictions: Phishing Is a Gateway to Modern Fraud in Today's Distributed Workplace. In 2021, It Will Take AI to Stop It.


Industry executives and experts share their predictions for 2021.  Read them in this 13th annual series exclusive.


By Patrick Harr, CEO, SlashNext

2021 is the year businesses will have to wake up to the massive, high-stakes threat of phishing.  Most CISOs assume phishing is a corporate email problem and their current line of defense is adequate, but they are wrong.  

Bad actors are highly intelligent, and they have access to sophisticated AI and ML tools to constantly come up with new ways to outsmart corporate defenses, both inside and outside the network perimeter.  According to Gartner, 95% of all cyberattacks start with phishing.

Over the last 30 days, 10% of company users were phished, according to live data we compiled across more than 100 large and mid-sized enterprises. Every day, SlashNext Threat Labs detect 21,000 new phishing attacks, almost double the number of threats from a year ago. SlashNext Threat Labs are also seeing an alarming 50-75% of attacks getting past conventional phishing defenses to compromise enterprise networks.

So if you think your current defenses will keep you safe, think again.  And in 2021, we anticipate this problem will get much, much worse.  

Explosive Growth in Sophisticated Phishing Schemes 

In 2021, we anticipate seeing explosive growth in the number and types of phishing attacks. Beyond the commonly understood phishing schemes perpetrated in corporate email, we're seeing a dramatic increase in attacks across business collaboration platforms including Zoom, Skype, Teams, Box, Dropbox, and Slack.  Mobile devices are particularly vulnerable; our SlashNext Threat Labs have seen a 600% increase in SMishing attacks in 2020 over 2019. We're also starting to see an increase of mobile-specific attacks on social networking sites, and even in multi-player gaming platforms.  

We're also seeing more sophisticated attacks.  Beyond conventional credential stealing, in which email users are tricked into giving up their login credentials to a fraudulent site, we are seeing an increase in scareware scams, where phishers attempt to scare people into taking an action, such as sharing an infected SMS message; rogue software embedded in browser extensions; and social engineering schemes like the massive Twitter bitcoin scam that was perpetrated this summer by a teenager. 

Attacks Are Personal  

Phishing attacks are particularly effective because they prey on human logic and emotion. The more a bad actor knows about you, the more convincing the attack will be, and the more likely it will be effective. We have already seen regionalized attacks happening in the United States, China, and Russia. In 2021, we can expect phishing attacks to become more individualized and tailored with the help of AI.

Cybercriminals have access to cloud-based AI and ML tools and techniques they never had access to before, so they can spin up personalized attacks very quickly and very efficiently.

The Widening Attack Surface 

The seismic shift to long-term remote working and near-universal BYOD are pushing CISOs to adopt perimeter-less defense strategies that protect corporate users working inside and outside the firewall.

The convergence of business and personal life on the same device makes protection particularly challenging.  It's not uncommon for a corporate user to go from corporate email to Zoom to Facebook Messenger to Gmail and then back to Slack. With users opening and closing so many personal and business applications vulnerable to phishing threats, successful credential stealing and personal attacks can, unfortunately, become a backdoor to corporate data and exposure.

For instance, a successful credential-stealing attack can obtain passwords, which are then used to enter the network to obtain critical data.  Remote learning, and the inherent risks of corporate users sharing networks with children participating in remote learning and gaming, compound these risks.

Cybercriminals have a wider attack surface with less protected communication channels to exploit.  As bad actors increase their use of supercomputing and artificial intelligence (AI)-based techniques, we anticipate a massive increase in phishing attacks focused on mobile and endpoint devices, resulting in more corporate IP theft and monetary losses in 2021 than in 2020.

ML and AI-Based Phishing Defense is Paramount 

Given the fast-growing, increasingly sophisticated threats, businesses can no longer rely on a human-only approach to security.  In 2021, expect a massive migration from human-only forensics to AI forensics and machine learning, where 'machines fight machines', to protect users both inside and outside the network from attack.


About the Author

Patrick Harr 

Patrick Harr is CEO of SlashNext. With more than 30 years of security and cloud industry experience, he directs a workforce of security professionals focused on protecting people and organizations from phishing anywhere. Prior to SlashNext, Harr was CEO of cloud file services provider Panzura, which he transformed into a software subscription company, grew ACV 400%, and led the organization to successful acquisition in 2020. He has held senior executive and GM positions at Hewlett-Packard Enterprise (HPE), VMware, BlueCoat (formerly CacheFlow), and was CEO of multiple security and storage start-ups, including Nirvanix (acquired by Oracle), Preventsys (acquired by McAfee), and Sanera (acquired by McDATA).

Published Monday, November 23, 2020 7:34 AM by David Marshall