Insider Threats and Ransomware Loom

By Ryan Weeks, CISO at Datto

2020 was a tough year for many managed service providers (MSPs) and small businesses (SMBs), especially as it relates to cybersecurity. Many MSPs reported that the number of ransomware attacks and security vulnerabilities increased during COVID-19 due to an increase in remote work and cloud computing. Specific industries noticed a particular rise in attacks with  MSPs reporting healthcare as the most vulnerable industry during the pandemic (59%), followed by finance/insurance (50%), and government (45%). Among the malware threats impacting MSPs and SMBs, ransomware is still at the top of the heap. However, it's far from the only threat on their plate. Viruses, adware, spyware, and remote access trojans rounded out the top five.

As we look to 2021, we know that ransomware is not going away, especially for healthcare institutions both large and small. Attackers had to shift their focus temporarily during COVID to other revenue streams. If you think of ransomware as a ‘business' that needs to respond to changing market conditions, it makes sense for those attackers to focus on more stable sources of revenue, like larger enterprises, during an economic downturn. Enterprises both represent a larger ‘return on investment' to hackers and are more resilient to fluctuations in the economy. Ransomware is a numbers game, and the massive healthcare industry is a lucrative target-ransomware just happens to be an easy way into that pool.

With that said, ransomware is not the only threat on the minds of MSPs and SMBs. Personal devices and cloud computing present major security gaps in an organization's overall security posture. As discussed, attackers are using new entry points such as unprotected personal tablets and laptops to insert malware into an organization's larger network. In tandem, insider threats (employees who compromise company systems and data) are becoming more prevalent, whether the employee is complicit in the act or forced against their will. According to The Wall Street Journal, nearly 70% of companies today are worried about insider threats making this a very serious security issue for 2021.

With all of this in mind, below are two major security predictions ahead of 2021 that MSPs and SMBs alike should be aware of and address within their organizations.

Healthcare organizations need to remain on red alert in 2021:

Given the COVID-19 pandemic, it's no surprise that the healthcare industry has been a primary target for cybercriminals in 2020. Between highly desired intellectual property and the opportunity for major payouts, the incentive to exploit even the smallest of healthcare institutions, let alone larger networks, will remain a top priority for malicious actors in 2021. Specifically, ransomware will be the primary attack method because the consequences are higher for healthcare organizations that can't risk downtime due to the critical services they provide for patients. It will be critical for hospitals and other healthcare organizations to evaluate their IT and security budgets ahead of the new year to ensure they're able to implement advanced security and data management tools that allow them to effectively back up and secure networks while enabling business continuity efforts in 2021.

We'll see an increase in insider threats as employees continue to work from home:

For those that aren't as familiar with what an insider threat is, it's defined as current employees, contractors and visitors who have access and knowledge of an organization's digital and physical systems as it pertains to security and information. There are two types of insider threats, malicious insiders who are, on their own accord, deliberately exploiting the systems within an organization for monetary compensation and then there are colluding insiders who are potentially being forced to, or paid to, share information or execute illegal acts. I believe that in 2021, we will see an increase in insider threats, specifically the colluding insider, because it's easier for employees to get away with suspicious activity. For example, an employee making a $45,000 salary could be lured by a cybercriminal to execute an attack in the form of installing software or providing access to information by a promised payout of $250,0000. This is a pretty low risk for a large payout. We're seeing signals in 2020 that this is on the rise, which is why I believe we'll see more of it in 2021.

##

About the Author

Ryan Weeks, Chief Information Security Officer

As Chief Information Security Officer (CISO), Ryan is responsible for directing and managing Datto's Information Security program. Ryan spent 11 years securing enterprise applications, systems and sensitive customer financial data at FactSet Research Systems, where he orchestrated all facets of the global information security program. Ryan holds a B.S. in Computer Information Systems from Ithaca College, a M.S. in Information Assurance from Northeastern University and has industry security certifications including the Certified Information Systems Security Professional (CISSP) and the Certified Information Security Manager (CISM).