4 Reasons Cybersecurity Attack Surfaces Are Expanding

The COVID-19 pandemic impacted individuals and businesses all over the world in one way or another. Almost overnight, it disrupted the way people went about their daily routines and how companies operated. Amidst all the chaos, changes to the cyber landscape increased at an unprecedented pace. Some of the trends that powered these changes and continue to fuel them are:

  1. Increased Use of Internet of Things (IoT)
    • About 56 federal agencies in the U.S. reported using Internet of Things (IoT) technologies.1
    • In 2021, experts expect the number of connected devices to reach 10.07 billion.2
  2. Rapid Adoption of the Cloud
    • Global public cloud end-user expenditure is expected to grow by over 18% in 2021.3
  3. Digital Transformation
    • IT spending is expected to hit $3.9 trillion in 2021.3
    • Spending on digital transformation technologies increased from $1 trillion in 2018 to $2.39 trillion in 2021.2
  4. Work-From-Home Model
    • Over 70% of all departments and teams are expected to have remote workers by 2028.4

With an expanding attack surface comes cybercrime. According to an FBI report, cyberattacks have skyrocketed by over 400% since the start of the pandemic, making it imperative to identify and deflate cyberthreats for the health and future of your business.

Growing Cybersecurity Risks

  1. Targeted Ransomware Attack
    Ransomware attacks have long been a nuisance to businesses. Experts have estimated that about 10% of breaches reported in 2021, so far, involved ransomware.5 The success of this mode of attack is attributed to the simplicity with which an attacker can wreak havoc. It should worry everyone that ransomware kits are inexpensively available on the dark web.
    Ransomware propagators are constantly devising new plans to evade defenses set by businesses. Without precautionary measures in place, SMBs could find themselves at risk.
  1. Phishing Attacks
    Phishing uses social engineering in email and cloud services attacks. Phishing attacks can lead to account takeover, credential theft and more. According to one report, phishing attacks increased by 11% in 2021 alone.5

    Malicious actors using phishing scams as their method of attack are cunning enough to tilt every global event to their advantage. For example, when the pandemic started, phishing emails were sent out to the masses in the name of the World Health Organization (WHO). Later, when vaccines were rolled out, scam emails had a vaccine company’s name as the sender.
  1. Insider Threats
    Shockingly, close to 20% of breaches involve internal actors.5 The problem with insider threats is that they’re often the toughest to detect.
    • The most common causes of inside incidents are:
    • Negligent employees or contractors6 – 62%
    • Criminal or malicious insiders6 – 23%
    • Credential theft6 – 14%
  1. Fileless Attacks
    A fileless attack aims to exploit the features and tools of a victim’s environment. It doesn’t depend on file-dependent payloads nor does it generate a new file. This leaves no footprint and makes fileless attacks very hard to detect. A fileless attack is reported to be 10 times more successful than a file-based attack.7

    Fileless attacks can originate through an email that directs you to a malicious website. From there, using social engineering tactics, the cybercriminal can use system tools (such as PowerShell) to distribute payloads and execute commands. Since these system tools are part of your IT environment, the threat can evade outdated security systems.

How to Stay Protected

  • Keep your systems updated and safe from cyberattacks that exploit known software vulnerabilities by automating patch and vulnerability management.
  • Ensure effective and quick recovery from cyber disruption by backing up your systems and SaaS applications.
    Secure your systems by deploying advanced antivirus and antimalware solutions that provide endpoint detection and response (EDR).
  • Make sure every new device has the necessary security tools to start with — local firewall, DNS filtering, malware protection, multifactor authentication (MFA) and disk encryption.
  • Always be ready with an incident response plan. No breach can shake you if you have a robust action plan. The plan should have a communication strategy with all stakeholders, including your investors and valued customers.
  • Provide regular security training to your employees and vendors.

If thinking about assessing your current cybersecurity posture gives you anxiety and you’re not sure where to start, don’t worry. ITNS Consulting can take the assessment off your plate and suggest the right solutions for your business. An experienced partner like ITNS Consulting can make your cybersecurity journey seamless and successful. Contact us today for your cybersecurity assessment.


  1. US GAO-20-577 Report
  2. Statista
  3. Gartner
  4. Upwork Report
  5. Verizon 2021 DBIR
  6. 2020 Cost of Insider Threats: Global Report
  7. Ponemon Institute

Ready to have a conversation?

We would really love to hear from you! Give us a call at 608-563-1975 or fill out the form below to start working with our team.

Fill out my online form.

Ransomware Equals a Data Breach
From a data regulator’s perspective, it is the responsibility of your business …
Implementing Ongoing Risk Management as a Standard Practice
In 2021, organizations that didn't have zero trust incurred an average breach …
Are You Aware of the Digital Risks to Your Business?
Rapid technological advancement and rising global connectivity are reshaping the way the …
How to Build Trust Using Your SMB’s Technology
Technology can be a daunting investment for small and medium-sized businesses (SMBs). …
Why Your Business Needs to Prepare for Cyber Incidents
As the world becomes more digital, so do the risks of conducting …
What to Say ‘No’ and ‘Yes’ to When Practicing Trust-Building in Your Business
The world has become a less trusting place. A recent study by …
Balancing a Proactive and Reactive Approach to Cyber Incidents
A cyber incident is a type of security event that can harm …
How to Find the Right Managed IT Service Provider for Your Business
When looking for an IT service provider for outsourced tech support, it’s …