Cybersecurity Market in 2021

Cybersecurity remains one of the critically important priorities all around the world, especially in view of the fact that there appear more and more threats, emerge new vulnerabilities and frequency of attacks is very unlikely to subside. Based on it, Canalys analysts forecast further growth of investments into cybersecurity. Below are some considerations by Canalys’ experts. 

It is estimated that global cybersecurity spending will grow by 10% in 2021 to surpass $60 billion. According to Canalys this market reached the size of $54 billion in 2020. This amount includes expenses on endpoint security solutions, web and email security, data security, vulnerability analysis as well as identification and access management solutions.

Experts note, that even in the worst case scenario global expenses on cybersecurity will grow by 6,6% in 2021 to reach $57,7. This forecast takes into account the significant and long-lasting economic effect of numerous pandemic limitations as well as proliferation of new virus strains. Canalys analysis shows that despite pandemic, cyber security budgets remain mostly unchanged or even grow. On the other hand, SMB expenses suffered limitations and personnel reduction had an impact on some cyber security contracts, especially in HoReCa, retail and transport. Logistic issues had negative impact on cybersecurity hardware supplies in early 2020 but later the situation normalized. 

Despite growing cybersecurity expenses the number of incidents including personal data leaks and compromise, as well as ransomware attacks reached a record level in 2020.

According to Canalys, more than 12 records personal data entries were leaked в 2020 while the number of ransomware attacks grew by 60% Among main reasons for growing number of cybersecurity incidents there are errors in cloud data bases settings and phishing campaigns launched against remote employees lacking sufficient cybersecurity protection and training. As far as remote work and education go on and digitalization is developing, analysts expect negative trends in cybersecurity to persist in 2021.


Christmas Fraud or How to Defend Your Money and Business During Sales Time and After

Black Friday is behind with all new online sales and cybercrime records (thanks to COVID-19). The Christmas time has come and new sales seasons are to come so there is no good time to forget about cybersecurity risks of every holiday season. Below are some recommendations from Trilight experts.

If you are a buyer, think twice before trusting e-mails and websites during your deals. While millions of buyers go to online shops for pleasant emotions hackers search for confidential personal and financial data.

A popular fraud scheme is based on phishing letters are messages faking well known online brands and online sellers. Take some simple proactive steps to avoid a catch like this:

1. Before trusting the email which you seem to have received from your favourite retail brands or online platforms, make sure you've read its contents attentively. Unusual grammatical or spelling mistakes make a first hint. A good example here are numerous phishing sites gone online during recent Amazon sales on Prime Day. Study sender's email to find more proofs to your suspicions.

2. Do not succumb to temptation of downloading special holiday seasonal subscription or promo codes from suspicious letter. And, of course, never follow the links from such messages. Fraud phishing messages might contain malware or links to wrong URL-addresses which will download to your device zero day malwares or extortion software putting financial and private data at serious risk.

3. If you are not sure about specific messages, try to correlate link in email address with the target link address by pointing to it. If they lead to different addresses, you may inform your Internet access or security service provider of this email to put an end to spreading potential vulnerability among online buyers.

4. And last but not least. Be careful entering URL-addresses manually. One error and you get to erroneous domain with misprint (similar, yet fake URL-address is often a phishing site). To avoid such risks, think about password manager. They are not only a good line of defense from weak passwords, but they also will not be fooled by malicious URL-addresses often overlooked by human eye prone to errors.For sellers: keep your security systems active, duly protected and compatible with PCI DSS.

As we mentioned above not only buyers can become victims of cybercrimes. Below are the action points for sellers to increase their cybercrime resilience.

1. Start with the security training to introduce latest phishing attacks to your team, including data types hunted for by cybercriminals, as well as cunning fraud emails. Give your team a simple way to inform your cybersecurity personnel of such suspicious emails or similar activities.

2. If you plan to keep your physical shops running, make sure all operating systems used at your points of sale have latest security updates. Consider additional security measures such as effective defense against malwares, NGFW, server protection and encryption to protect critically important systems of your retail network. Network segmentation will also help create limited and isolated zones managed with more refined access control.

3. If your retail business uses cloud applications and you have an extended multisite network of branches, franchise and delivery partners then zero trust philosophy becomes critically important. Basic principle is to trust nothing and check everything. It will help establish reliable access to distributed retail network with higher privacy of card holders.

4. Go through mandatory audit to make sure your existing cybersecurity system meets PCI DSS recommendations.

If your retail business does not have sufficient internal experience with cybersecurity or your IT team is not big enough then it is a good reason to engage a cybersecurity partner which will establish continuous monitoring and protection of your retail network, online system etc. from suspicious activities.

Cybersecurity Illusions or Why MSSP Matters

Today all know that building an unbreakable shield is next to impossible. Surprisingly, quite a lot of IT professionals believe that enterprise IT perimeter will stop any attacks. On the one hand, it’s partially true that you can make penetrating perimeter very difficult and expensive, on the other hand, nobody can guarantee that some perimeter is truly unbreakable.

When IT manager realizes that however strong the perimeter might be it can not guarantee absolute security the next step will be understanding that one now needs invest attention and financial resources into IT infrastructure. It is necessary to create the ability to monitor it, find traces of attackers' actions and take countermeasures to prevent achievement of attack objectives (theft or destruction of information, financial frauds, extortions, etc.).

Let us stress the importance of it once again:

First and foremost, it is always a very good idea to have information about what is happening in IT infrastructure and not only for security reasons.

Second, no attack develops with lightning speed. Attackers need time to recognize hosts and resources, get understanding of internal infrastructure, access data and execute harmful action. See below attack stages as explained by MITRE ATT&CK® which is a globally-accessible knowledge base of adversary tactics and techniques based on real-world observations.

The bottom line is that we need to track attackers’ activity and catch them ASAP, before they really get access to data.

According to analytics, time between initial compromise and getting access to data ranges between couple of hours or a day. So we need fast and effective search of suspicious or uncommon actions to find tracks of attackers and localize the attack.

Sure, searching and tracking require certain level of expertise and competence of cybersecurity experts. But it is the only way to increase security to level where attempt to attack your infrastructure will become unprofitable for hacker team.  This is a reason behind dramatic growth of interest to SIEM systems, building on-site cybersecurity teams or switching to services of external teams, or MSSPs.

To achieve necessary level of security one needs to get logs and events from infrastructure to track the inside activities. We rely our experience to create minimal set of such sources to get sufficient enough overview of events and have ability to catch suspicious or uncommon actions:

  • System logs from servers and workstation logs;
  • Specific database logs;
  • Events from antimalware software – antivirus/endpoint protection system/endpoint detection & response;
  • Next Generation Firewall/ IPS/IDS logs & events
  • Router/gateway logs;

Besides, a very effective tool will be Deception or Honeypot systems, which simulate defenceless resources which will be very attractive for hackers, like Domain Server, Data Base, etc. Any attempt to attack or interact with this ghost will be logged and analysed because real user will not access such Honeypot. They just don’t know about such fake resources setup like traps.

Cybersecurity team or MSSP will process total amount of logs and events from all systems, correlate this information, analyse and discover security events (incidents) to investigate, localize and stop harmful activities.

Casualties and Damages of Global Cybersecurity War or Some Examples of Astronomical Values

There is quite a lot of statistics giving not just alarming but truly intimidating figures from global cybersecurity battlefield. For too many businesses it is not about winning, it’s about survival. See the figures and make your conclusions:

1. New hacker attack happens every 39 seconds

According to a Clark School study held at the University of Maryland there occur hacker attacks of computers with Internet access every 39 seconds on average. This alone should be a sufficient reason for making secure logins and passwords to be taken seriously.

2. Small businesses became target of nearly every second attack

According to study by Symantec, 43% of all cyberattacks are launched against small businesses. Of those small businesses 64% have experienced web-based attacks, 62% underwent phishing & social engineering attacks and 51% experienced denial of service attacks.

To understand why this is a problem, learn the figure below:

3. 60% of those hacked small businesses go out of business within six months

Once again. According to study by Fundera, 60% of small businesses which were subjected to cybercrimes, go out of business due to attack consequences: customers’ data loss, financial data corruption, litigations etc. Kill ratio too high to be ignored, don’t you think so? Why it happens, you will understand from the stats below…

4. Global average cost of a data breach for SMB is 3.4 million

This figure by Varonis explains why successful cyberattacks against SMB are so lethal. 3.5 million is too much for vast majority of SMBs. Even if company copes with financial damages, every cyberattack is not just about financial losses, but about reputation as well. Still, that’s almost nothing compared to possible outcomes for publicly traded companies, which should beware infinitely more…

5. Global average cost of a data breach for public company is 100 million

According to a report by Audit Analytics, the average cost a data breach for a publicly-traded company will reach or even surpass 100 million. A hundred million euros. That’s near the total annual revenue which makes it reasonable for a business to go public. Once again: a hundred million euros of damages. Enjoy and indulge in memories of how you screwed your cybersecurity system.

5. Year 2020 brought about a 300% increase in reported cybercrimes

People sit at home, spend more money online and, most importantly heavily rely on remote collaboration and communication tools. Convenience for businesses which turned Bonanza for cybercriminals. 300% increase in cybercrimes since March 2020 reported by FBI might be a shocking indicator, but we will easily make it even more shocking. These are REPORTED cybercrimes. So, actual growth might very well have been even higher. Why so? It’s because:

6. On average 6 months pass before data breach is detected, even in major companies

Even such giants like Capital One or Facebook were subjected to successful cybersecurity breaches, which were discovered long after users’ passwords, credit card details and other sensitive data had been compromised. And this is despite the fact, that funds spent on cybersecurity globally have long ago reached astronomical values:

7. Near $900 billion will be spent globally on cybersecurity by 2021

According to recent Cybersecurity Ventures report, organizations and businesses globally make fundamental changes in their approach to cybersecurity and reprioritize budgets to align with new realities. And still the total cost of cybercrimes is expected to be times higher:

8. Global cost of cybersecurity crimes will surpass 5,25 trillion by 2021

According to the same above report by Cybersecurity Ventures, global business and economy will sustain near 5,5 trillion of damages in 2021 because of cybercrimes. Again, why these truly enormous expenses on cybersecurity do not stop these staggering cybersecurity losses? Why? That’s because…

9. 95% of cybersecurity breaches occur through human error

Criminals and hackers will infiltrate your company’s IT infrastructure or data through your weakest link which is your employees! (not an IT or security team, btw). Good on-board security team, or outsourced one (which is even better, says MSSP) will dramatically improve chances for successful cybersecurity protection. But if you have neither, at least you need a good Cyber Security Incident Response plan to minimize incident losses. Still…

10. 77% of organizations do NOT have a Cyber Security Incident Response plan

Really, why should you need it… You will never be hacked, because Americans never landed on the Moon and the Earth is flat and all hackers, if there are any, will fall over its edge, sooner or later… Still, if you do not want to wait for this cybercrime incident, order a Plan from us, as a bonus to an affordable package of managed security services.

New Security Realities of COVID-19 World

This year hackers got brand new opportunity to get richer based on Covid-19 hype. McAfee detects more and more criminal attempts to exploit current events. This is why organizations and business have to be on aware and understand what new attack methods are used by cybercriminals in Covid-19 world.

Phishing letters now became the best tool for cybercriminals. Amount of such a content has considerably grown over the past few months. Users get faked letters as if from World Health Organization about sales of masks and medications, coronavirus tests and other medical merchandise (subject of such a message would usually be the most relevant for the addressee from specific region).

Phishing letters either contain links to sites with malicious content or to the documents with exploits or malicious macros. The goal of these activities is to get malicious code to the workstation with the purpose of stealing user or payment data. Hackers also try to lure the victim to a faked web resource with such phishing letters.

Criminal web site would imitate appearance of the bank site or payment system where users are offered to enter personal data. Crypto extorter, cyphering the victim PC, deleting shadow file copies and demanding ransom is one more variant of malicious software. It is well known, that today most attacks are conducted not by humans but by autonomous software solutions, collecting information about victims from different sources and sending phishing letter automatically. Information needed for such attacks is often collected from social networks and other open sources, which demands practically no efforts from criminals. For instance, in user files metadata, which are often in open access, there can be found email addresses, IP-addresses, OS versions etc.

This is a very often occasion when hackers us previously stolen user databases to launch attacks. Criminals may deploy any new attack within just several hours, based on social engineering techniques and emotions of potential victims. The best defense from such attack is awareness and informing company employees of cybercriminal methods.

How to Create Safe Passwords

Creating good and reliable passwords is quite a difficult task for many. It becomes especially intimidating when you start considering unique password for each site you visit. Tens of unique passwords like [email protected]! will make anyone feel a bit perplexed and gloomy.

A typical response to this problem will be simple and insecure.  A user will use one password for all services and resources, or will create several equally simple (to remember) and unreliable passwords. Or there will be some sticker with passwords brightly hidden beneath the keyboard.

Looks like there is a collision between strong passwords you can not remember and weak passwords you can remember but can not use if you want to avoid unauthorized access to your data.  First let’s see what is a strong (and weak) password.

Strong vs Weak Password

A strong password will have sufficient length, use various upper and lower case letters with numbers and symbols. It will not contain dictionary words or ties to your personal information.

Passwords like MyPassword1 might look ok considering above advise but they are not. Word password and any other dictionary word is not a good idea for password.

Anna1989:& does contain upper and lower case, as well as numbers and symbols, but it seriously flawed. Name and year of birth can be easily discovered from open sources and they will be, in case a hacker needs your data.

C0ntekst* is a bit more secure, as it has letter o substituted for number 0, and there is a deliberate error in spelling. Yet, it’s too short unfortunately. It will not take too much time for code-breaking software to guess it.

What shall I do?

Luckily, there are several easy to use and efficient tricks you can use to create strong password which will not force you enroll for memory improvement trainings.

Phrases with Personally Valuable Information

Think of something you are unlikely to forget and build a password on its basis. The2o12’sTripT0Pariswas0key is not that difficult to remember but is truly difficult to crack.

Acronyms or shortcut codes

EksEksEksElIz0key4MaiFriend – XXXL is ok for my friend. Spelling errors, numbers instead of letters and words, easy to recall information. Good example, still you can easily make it even better. Just think about using…


Let’s take our example based on our friend’s anthropometry and add some emotion: EksEksEksElIz0key4MaiFriend:-). It’s always good to have a big friend. One of the benefits is when you are glad it makes your passwords even stronger and you will not forget in what way 🙂

Surely, there are many more efficient techniques to build strong passwords. But you don’t have to use them all to make your passwords strong and easy to remember. Just master those listed above and always remember: mix numbers and letters, upper and lower cases, add symbols, make errors and KEEP THEM LONG!