2020 shaped up to be one of the most challenging years for digital transformation and the shift in how we do business because of COVID-19 will have lasting effects on security. Many organizations accelerated their plans leveraging the cloud while introducing new technologies and strategies; however, enabled cybercriminals to evolve their strategies and tactics.
Last year we saw a significant increase in cyber threats, from phishing attempts skyrocketing, the use of COVID-19 and the election as phishing lures, a whopping 128% increase in malware activity in Q3 2020 and botnet traffic increasing by 29% in Q2 2020. These challenges won’t just go away, we will see more Target-like breaches and breaches of over one million records. As we navigate the first month of 2021 and beyond, it is paramount for organization to pay special attention to the myriad of new - and renewed - threats and cybersecurity trends.
Cybersecurity 2021 Outlook
2020 and COVID-19 taught us a few things in the security industry: the importance of security awareness, speed of deployment is not always a good thing, and assuming new levels of risk such as “remote work force”.
With so many challenges still on the horizon, here are some of the key topics to have on top of mind:
2020 breaches’ lessons learned
The biggest breaches of the year should be a lesson to organizations that some security tools are not optional—specifically incident response (IR) testing and retainers and endpoint protection. Unfortunately, ransomware is here to stay and can wreak havoc quickly, hence the need for IR and endpoint protection. Organizations cannot do it alone, partnering with an MSSP helps manage the firewall, address detection and response and provide customized IOC support.
Expect More Cloud Breaches
Businesses moved to the cloud, courtesy of the COVID-19 pandemic; however, the increasing confidence in public, private and hybrid data cloud paved the way for new challenges. Cloud-based security threats owing to misconfigured security measures and lack of monitoring give way for stricter security protocols and security testing features. The rise in cloud adoption means an increase in trust in infrastructure security.
The Biggest Increase in Cyber Insurance Purchases is Ahead
Due to the increase in cyberattacks, we will see one of the largest increases in cyber insurance purchasing ever. In 2021, it will be essential for organizations to buy cyber insurance policies to mitigate financial risks from cyberattacks. Some companies, such as retailers, have already bought some kind of cyber risk insurance, and more industries are expected to follow suit.
Remote workers are the latest threat
Remote work will increase and so will the cost of a potential data breach. In 2020, we learned that not even the era of social physical distancing can slow down social engineering threats. Cybercriminals will continue to wage social engineering attacks and also try to exploit common home devices that can be used to compromise an individual and allow for lateral access into a business. These attacks will primarily involve various forms of phishing, including by email, voice, text, instant messaging and even third-party applications. With all that said, we foresee remote workers to reign as the number one attack vector for exploitation in 2021.
Unfortunately, data breaches will take longer to detect and identify due to the increase in remote work. With the increase in phishing and ransomware attacks, most companies are already compromised—and they aren’t aware of it. The reality is that employees are leveraging consumer internet with no controls, which is essentially a buffet line for cyber attackers.
Securing the edge becomes a priority: Hackers are setting up shop at your home
In 2020, we witnessed the explosive expansion of the network edge and decentralization. The seismic shift to remote working spurred by COVID-19 was a key driver of this trend. Remote workers are more relaxed operating in the comfort of their home; however, this comfort leaves them feeling like they can let their guard down. This relaxed approach in security could not come at a worse time as cybercriminals have ramped up social engineering and ransomware attacks. Home-based employees are also more likely to use personal devices and home networks (DSL/Cable, etc.) that are not hardened to the same degree as corporate networks. We now have systems behind consumer modems and switches that are, in many cases, not configured at all or still have the default settings.
Security Awareness is a requirement
In 2020, we witnessed many CISO tabling the need and requirement for security awareness training due COVID-19 related stress, only to see upticks in phish attacks. Remote work is the new threat to corporate America. Educating remote workers on how and what to do to secure their network to limit “man in the middle attacks” is the latest obstacle for CISOs and IT directors.
AI Slows Cybersecurity Skills Shortage Woes
With a predicted 4 million cybersecurity jobs remaining unfilled by 2021, companies are turning to AI in hope of a solution. Although AI today is a relatively novel concept, it enables instantaneous automation, completing tasks that would typically take days in a matter of seconds. The magnitude of “cybersecurity” makes it unfeasible for professionals to rigorously manage all aspects of it, particularly when massive amounts of data are involved. By incorporating automation, professionals can focus on anomalies and large-scale threats whilst AI focuses on the data-heavy or repetitive tasks.
2020 proved beyond a doubt that life is unpredictable. This new year will continue to see COVID-19 related challenges. With the continuation of remote work and increasing cyber threats, it is critical for organizations to understand the cyber threat landscape, where they are in their digital transformation roadmap, their technology and how to efficiently and effective combat threats and keep company assets secure.