Security Market Segment LS
Thursday, 28 January 2021 11:00

Acronis issues warning of critical privacy risks in 2021 on Jan 28, Data Privacy Day

By

Today is International Data Privacy day, and as incidents of brute force attacks skyrocket and 80% of companies operate without password policies, cyber protection experts warn that “breaches in 2021 are poised to expose more data than ever”.

Late last year, Acronis issued a timely report that warned 2021 would be the “year of extortion”, where ransomware attacks weren’t just seeking a ransom to decrypt your data, but a ransom not to leak it all over the Internet, too.

The cyber protection company’s newest warning is based on its research of recent cyberattack trends and existing business practices, noting that organisations around the world currently face a global threat to data privacy and security.

Acronis announced its findings on international Data Privacy Day to alert organisations that immediate action is needed to avoid costly attacks.

Of course, given the constant reports of major hack attacks, data leaks and cyber intrusions, if the company you work for is still waiting to take action, or hasn’t taken enough action, you might need to proactively start looking for a new job because who knows if your company will even survive the next major inevitable attack.

In any case, the latest research by the cybersecurity experts at the global network of Acronis Cyber Protection Operations Centers (CPOCs) revealed that:

  • 80% of companies do not have an established password policy
  • Between 15-20% of the passwords used in a business environment include the name of the company, making them easier to compromise.
  • Two recent high-profile breaches illustrate this problem: Before its Orion compromise, SolarWinds was warned that one of its update servers had a publicly known password of “solarwinds123”
  • Meanwhile, former President Donald Trump’s Twitter account was hacked because the password was allegedly “maga2020!”. 

Of the organisations that do have a password policy in place, the researchers found many rely on default passwords – and up to 50% of those are categorised as weak.

Attackers know these weak password practices are widespread and, with so many employees working from home as a result of the COVID-19 pandemic, cybercriminals have targeted the less secure systems of these remote workers.

Acronis says its analysts “observed a dramatic increase in the number of brute force attacks during 2020 and found that password stuffing was the second most used cyberattack last year, just behind phishing.”

Candid Wüest, VP of Cyber Protection Research at Acronis candidly explained that “the sudden rush to remote work during the pandemic accelerated the adoption of cloud-based solutions.

“In making that transition, however, many companies didn’t keep their cybersecurity and data protection requirements properly in focus. Now, those companies are realizing that ensuring data privacy is a crucial part of a holistic cyber protection strategy – one that incorporates cybersecurity and data protection – and they need to enact stronger safeguards for remote workers,” Wüest added.

Financial and reputational risks

Acronis then tells us that, while the business community is recognising that better cyber protection is needed to ensure the privacy of their data and their customers’ data, awareness among digital users continues to lag.

One report found that 48% of employees admit they are less likely to follow safe data practices when working from home.

Poor password hygiene and lax cybersecurity habits of remote workers are among the reasons Acronis CPOC analysts say they “expect the financial impact of data exfiltration will soar in 2021, as bad actors can more easily access and steal valuable company data.”

The trend is similar to one now seen among ransomware attackers, who are stealing proprietary or embarrassing data and then threatening to publish it if the victim doesn’t pay.

Last year, Acronis reports having identified “more than 1,000 companies around the world that experienced a data leak following a ransomware attack.”

Implementing tighter authentication requirements

To avoid the costly downtime, significant reputational damage in the marketplace, and steep regulatory fines that can be caused by a data breach, Acronis advises that “organisations must strengthen the authentication requirements needed to access company data.”

Acronis and other cybersecurity experts recommend the following best practices:

  • Multifactor authentication (MFA), which requires users to complete two or more verification methods to access a company network, system, or VPN, should be the standard for all organisations. By combining passwords with an additional verification method, such as a fingerprint scan or randomised PIN from a mobile app, the organisation is still protected if an attacker guesses or breaks a user’s password.
  • Zero trust model should be adopted to ensure data security and privacy. All users, whether they are working remotely or operating inside the corporate network, are required to authenticate themselves, prove their authorisation, and continuously validate their security to access and use company data and systems.
  • User and entity behaviour analytics, or UEBA, helps automate an organisation’s protection. By monitoring the normal activity of users with AI and statistical analysis, the system can recognise behaviour that deviates from normal patterns – particularly those that indicate a breach has occurred and data theft is underway.

Acronis concludes by stating that “while Data Privacy Day 2021 is an ideal opportunity to bring attention to the risks to data privacy, the researchers at the Acronis CPOCs have identified additional cyberthreat trends that will challenge sysadmins, managed service providers (MSPs), and cybersecurity professionals during the coming year.”

The full analysis is currently available in the recently released Acronis Cyberthreats Report.

 

 


Subscribe to ITWIRE UPDATE Newsletter here

GRAND OPENING OF THE ITWIRE SHOP

The much awaited iTWire Shop is now open to our readers.

Visit the iTWire Shop, a leading destination for stylish accessories, gear & gadgets, lifestyle products and everyday portable office essentials, drones, zoom lenses for smartphones, software and online training.

PLUS Big Brands include: Apple, Lenovo, LG, Samsung, Sennheiser and many more.

Products available for any country.

We hope you enjoy and find value in the much anticipated iTWire Shop.

ENTER THE SHOP NOW!

INTRODUCING ITWIRE TV

iTWire TV offers a unique value to the Tech Sector by providing a range of video interviews, news, views and reviews, and also provides the opportunity for vendors to promote your company and your marketing messages.

We work with you to develop the message and conduct the interview or product review in a safe and collaborative way. Unlike other Tech YouTube channels, we create a story around your message and post that on the homepage of ITWire, linking to your message.

In addition, your interview post message can be displayed in up to 7 different post displays on our the iTWire.com site to drive traffic and readers to your video content and downloads. This can be a significant Lead Generation opportunity for your business.

We also provide 3 videos in one recording/sitting if you require so that you have a series of videos to promote to your customers. Your sales team can add your emails to sales collateral and to the footer of their sales and marketing emails.

See the latest in Tech News, Views, Interviews, Reviews, Product Promos and Events. Plus funny videos from our readers and customers.

SEE WHAT'S ON ITWIRE TV NOW!

BACK TO HOME PAGE
Alex Zaharov-Reutt

Alex Zaharov-Reutt is iTWire's Technology Editor is one of Australia’s best-known technology journalists and consumer tech experts, Alex has appeared in his capacity as technology expert on all of Australia’s free-to-air and pay TV networks on all the major news and current affairs programs, on commercial and public radio, and technology, lifestyle and reality TV shows. Visit Alex at Twitter here.

Share News tips for the iTWire Journalists? Your tip will be anonymous

WEBINARS ONLINE & ON-DEMAND

GUEST ARTICLES

VENDOR NEWS

Guest Opinion

Guest Reviews

Guest Research

Guest Research & Case Studies

Channel News

Comments