Every year, Dan Lohrmann from the Government Technology blog chooses a pithy title for the previous year in cybersecurity. For 2020, he chose ‘The Year the COVID-19 Crisis Brought a Cyber Pandemic,’ and for a summary of the past 12 months, we can’t improve on that. It is no exaggeration to say that last year was a grueling time for cyber professionals, and we expect to be dealing with the consequences into 2021 and beyond.
COVID’s Impact on Cybersecurity
In past blog posts, we have emphasized the “opportunistic” nature of malicious cyber actors who are always looking for chaos to exploit in pursuit of their goals. In many ways, 2020 is a perfect example of this mentality, ushering in an unprecedented rise of cybersecurity incidents that even the most cynical researchers could not anticipate.
Here are just a few cybersecurity statistics from last year:
- An 800% increase in cybercrimes reported to the FBI
- A 238% increase in cyberattacks on banking institutions
- 36 billion records exposed through data breaches
In March 2020 alone, COVID-related cyberattacks grew from a few hundred cases per day to over 5,000 in a single day. But what made a biological virus such an easy disaster for digital terrorists to exploit? There are many answers, but the most important one is this: following COVID-related lockdowns, the global workforce has gone mobile, and there seems to be no going back.
According to one study, 1 in 4 Americans are expected to work remotely through 2021, and this trend will be mirrored in the federal space: after reports found no negative impact on productivity from remote employment, federal agencies are planning to expand opportunities for telework. While this may be beneficial to the workforce, there are ramifications that affect cybersecurity trends in 2021. In this article, we will outline a few of the most significant.
1. Remote Endpoint Vulnerabilities
In a recent blog post, we wrote that:
When targeting an organization, attackers seek any endpoint that may be attached to it. Those endpoints have expanded to include devices, systems and equipment across a large geographic region. Notoriously vulnerable IoT and mobile devices in employee homes provide the perfect bridge to their work computer, and enforcing security measures is tough.
This problem will remain a top priority for cybersecurity professionals in 2021, and now we can be even more specific: in some cases, even technologies dedicated to protecting remote devices can be targeted in highly successful attacks.
The Trouble with VPNs
More than 400 million businesses depend on virtual private networks (VPNs) to provide an encrypted connection between remote devices and secure networks. However – as the NSA warned this past summer – popular VPN protocols suffer from major vulnerabilities. During July, actors using stolen VPN credentials managed to take over the Twitter accounts of high-profile figures including Bill Gates, Elon Musk and many others.
In response to these security problems, some businesses are switching to Zero Trust Network Access (ZTNA) schemes, which protect not only against VPN-directed attacks but also against attacks on remote desktop (RDP), email clients and other forms of endpoint communication. Nevertheless, there’s a long way to go before these legacy technologies are phased out, and organizations have their work cut out for them along the way.
Increased Risk From Mobile Devices
Smartphones, tablets and other mobile devices are likely the most common examples of remote endpoints; consequently, they are also highly popular targets for attackers. Last year, we witnessed a rise in spyware targeting encrypted messaging apps, major security flaws in popular Android apps and more.
In response to these highly publicized vulnerabilities, Google has promised to double down on security – fortunately, businesses aren’t waiting for them to follow through. According to Forbes, mobile device security will be the fastest-growing category of cybersecurity between now and 2025, showing that organizations finally recognize the risks inherent to mobile devices.
2. More Phishing Attacks
Phishing has long been one of the most popular methods for targeting an organization, and the incidence of phishing attacks has only increased with the rise of remote employment. According to one report, companies experienced an average of 1,185 phishing attempts per month throughout 2020. At the same time, “spear phishing” – a highly targeted form of the phishing attack – became more prevalent with the help of automation and remains a significant risk to businesses in the public and private sectors.
There are promising trends on the horizon which may diminish the impact of phishing attacks. For instance, Gartner predicts that Passwordless Authentication will be among the most influential technologies for cybersecurity over the next three years; without passwords to steal, the effectiveness of phishing attacks will decrease.
In the end, investment in cybersecurity training remains by far the most effective way to protect an organization from phishing attacks and other forms of social engineering. It is no wonder, then, that businesses are spending more on cybersecurity training than ever before, and we hope this trend continues.
3. Advanced Insider Threats
In the ever-shifting cybersecurity landscape, insider threats are one of the few constants. Whether they are involved in deliberate sabotage or innocent user error, insiders are directly or indirectly responsible for the majority of security breaches and cyber incidents occurring in the organizations they work for.
Unfortunately, the risk of insider threats has only increased as a consequence of remote employment: outside of tightly controlled facilities, it is much harder to monitor employee activity and protected assets. Accordingly, Forrester warned that “perfect conditions” for insider threats were created by COVID lockdowns.
Insider Threats as a Service
To make matters worse, researchers warn that an increasing number of insider threats are contracted from outside: so-called “Insider-Threats-as-a-Service” actors may hire themselves out as corporate spies, advertising their services as a “trusted insider” on the Dark Web, or they may be planted through organized recruitment campaigns.
To protect against advanced insider threats, businesses must remain vigilant in screening candidates. Government contractors are already required to maintain an insider threat program (ITP) as defined by NIST SP 800-171, and commercial organizations may wish to follow their example.
4. Increased Dependence on Cloud
Over the past year, cloud adoption has accelerated as more businesses depend on Software-as-a-Service (SaaS) models and cloud storage to link their connected workforce while maintaining productivity levels. But while cloud technologies are more secure than they’ve ever been, cyber actors are also more talented than they have ever been, and the risk of cloud adoption is obviously not zero.
As a result, businesses are also spending more on Cloud Workload Protection Platforms (CWPPs) and Cloud Security Posture Management (CSPM), which Gartner has also named in its list of influential cybersecurity technologies. In 2021, organizations should familiarize themselves with cloud risks and best practices, alongside important regulations that affect cloud services like FedRAMP and HIPAA.
Thanks to the trends listed above, there is every reason to believe that 2021 will be a challenging year for cybersecurity and compliance. For businesses that want to avoid cyber incidents, data breaches and expensive fines, here are three major takeaways:
- Increase security for remote endpoints – in a past blog post, we shared how organizations can improve the security of remote endpoints and prevent attacks through a mobile workforce.
- Provide better cybersecurity training – insiders can endanger an organization, but they can also protect it. In 2021, make cybersecurity a collaborative effort by training your workforce to recognize social engineering attacks and protect your most sensitive assets.
- Partner with experts – remaining secure in the face of a constantly-developing threat landscape is a difficult task without outside assistance. In 2021, partner with cyber experts who can test your organization for vulnerabilities, assess compliance and assemble a cybersecurity plan tailored to your individual needs.
Securicon provides information security solutions to public and private sector organizations. Our expert cybersecurity teams help our clients manage and secure their Information Technology (IT) and Operational Technology (OT) environments by providing vulnerability and penetration testing/assessments; governance, risk and compliance services (GRC) and security architecture review and design services. To learn more, visit our contact page.