Key IT Security Takeaways from Sophos’ 2021 Threat Report


When is the last time you updated your cybersecurity plan for your Middle Tennessee or Southern Kentucky business? Small business owners will often keep the same antivirus, firewall, or other security measures in place for years without updating them. But hackers are updating their tactics all the time. They’re releasing new malware variants and creating new types of attacks designed to get past current security measures. So, if your business isn’t also evolving your IT security strategy, you can end up with a false sense of security that leads to a ransomware attack or data breach.

How do you know where to begin? One way is by keeping an eye on the emerging trends in cybersecurity threats that are studied by firms like cybersecurity developer Sophos. The Sophos 2021 Threat Report is one of the very first to come out this year with insights gained from attacks that happened in 2020. It shows emerging threats and where companies need to beef up their security if they want to stay protected.

Cyberthreats to Prepare Your Business for This Year

The 2021 Threat Report combines the gained insights from work over the past 12 months by SophosLabs relating to spam and malware analysis, as well as its Sophos Rapid Response, Cloud Security, and Data Science Teams. The report provides a comprehensive roadmap for enhancing cybersecurity across four main areas.

Everyday Threats

Hackers are increasingly going after the common tools used every day in offices across the country. They count on users’ familiarity with a process to keep them off guard and unsuspecting of an attack. In 2020, some of the types of everyday threats that become more prevalent included:

  • Server platforms becoming a large target and being leveraged to then attack organizations from the inside.
  • With the explosion of remote workers, two technologies have become more commonplace. They are Remote Desktop Protocol (RDP) and Virtual Private Networks (VPN). These are being attacked in increasing frequency as hackers take advantage of the new remote workforce.
  • Malware that was previously thought to be less malicious, is now being used as a type of “content delivery platform” for more malicious malware.
  • The lack of basic security hygiene is still a big problem, with users not taking the basic steps to secure their devices or networks.


The move to working from home has created a big opening for many new attacks. The FBI reported a 400% increase in cyberattacks during the midst of the pandemic. The biggest areas of security need that the report found due to changes caused by COVID-19 are:

  • The need to expand the company security perimeter to employee home networks
  • Improvement of security in cloud platforms
  • An understanding that no organization (no matter the size) is immune from attack

Over 50% of working adults do not put a password on their home network.


Ransomware has become so dangerous that it’s pulled out specifically from other malware threats in the report. It has been increasing in both cost and frequency of attack and shows no signs of slowing down. The report found that hackers are continuing to create increasingly sophisticated attacks. In addition to the simple threat of losing data, companies are now facing extortion with demands for more money to keep hackers from releasing sensitive data. A big reason for the increasing danger of ransomware to companies across the country is that it has been co-opted by large criminal organizations as an online money maker. These cybercrime cartels are putting major resources behind these attacks to increase their efficiency and profitability.

Nontraditional Platforms

The fourth area of concern in the threat report is the increase in attacks on nontraditional platforms, i.e., where users won’t expect attacks. Mobile malware continues to plague app stores as they try to detect and remove it. Approximately 87% ofsuccessful mobile phishing attacks are done outside of email. Users are often much less suspect of a new app they’ve installed and that might work as advertised but could also be a trojan for spyware or other malware. IoT devices also remain one of the big vulnerabilities on company networks. They often have less security that computers, yet also can allow a hacker to gain access to a network. Another worry with smart devices like voice speakers, smart security cameras, and even wireless printers is that they will overshare information with a manufacturer by defaulting to less secure settings. And often that data being sent is unencrypted, meaning it’s easy for a hacker to capture and exploit.

Get a Cybersecurity Audit to Start Off 2021 Securely

A cybersecurity audit is the best way to identify any areas of weakness in your cybersecurity strategy. Copperband Technologies can help you identify areas that need bolstering and help you with a comprehensive security solution. Contact us today to schedule an IT security consultation! Call 931.263.8000 or email us.