In 2020, we saw many changes in the cybersecurity landscape. The COVID-19 pandemic and the shift to working from home (WFH) upended security strategies at many companies and forced organizations to rethink how they secure remote workers and supply chains.
Looking back on the year, cyber leaders share their security lessons from 2020 and look ahead to 2021.
Hank Schless, Senior Manager, Security Solutions at Lookout:
“Deep sea phishing”
Threat actors are building more advanced phishing campaigns beyond just credential harvesting. Through the first 9 months of 2020, almost 80% of phishing attempts intended to get the user to install a malicious app on their mobile device. (source: Lookout for Work users, January 2020 through September 2020)
“Engineering the social dilemma”
Threat actors have learned how to socially engineer at scale by creating fake influencer profiles with massive followings that encourage followers to download malicious apps. Personal apps on devices that can access corporate resources pose serious risk to enterprise security posture.
Chris Hazelton, Director of Security Solutions at Lookout:
“Mobile App vulnerabilities are a thing”
In February of 2020, WhatsApp disclosed a vulnerability in their iOS app that was exploited by Pegasus surveillanceware to gather intelligence from targets. While there are security vulnerabilities in all operating systems, including iOS and Android, it is less understood that vulnerabilities in mobile apps can be used in attacks.
“That’s not your package!”
Since no one checks email anymore, a growing vector for phishing attacks is SMS/text messaging (AKA smishing). In September the FTC issued a warning about phishing campaigns involving text messages with false delivery notices that included a link to validate the delivery. With home delivery the primary channel in the era of COVID-19, this was likely a successful campaign. Across any chat medium on mobile, phishing attacks seek to trick users into clicking links to expose personal and work credentials, and even download mobile surveillanceware.
Joseph Carson, chief security scientist and Advisory CISO at Thycotic:
“Over the next year, ransomware will continue to be the biggest threat and financial risk to enterprises. Most organizations should be very concerned about ransomware as the biggest cyber security challenge and threat. Organizations should prioritize investing in security solutions that help reduce the risks, and should also plan and test an incident response plan to help ensure the business is resilient to high-risk attacks. Ransomware is going to continue evolving: recently it has become not just a security incident but also a data breach, with organized cybercrime groups also stealing the data before they encrypt it, meaning that companies are not just worried about getting their data back but also about who it gets shared with publicly. Ransomware has proven to not be ethical in any way and will target anyone, any company and any government, including hospitals and transportation industries, at a time when they are under extreme pressure.”
Joseph Feiman, Chief Strategy Officer at WhiteHat Security:
“Through 2022, the DevSecOps community will grow faster than ever in its history. In 2021, we have witnessed growing maturity and expansion of global development communities, such as Postman and GitHub. Moreover, the communities have begun offering their own application security tools, as well as commercial-tool integration. All that, for the first time in a decade, makes it realistic to integrate application security in global DevOps platforms/processes/DevOps Teams, thus making them DevSecOps.”
Oliver Tavakoli, CTO at Vectra:
“The next big thing in security is the inversion of the corporate network. It used to be that everything truly important was kept on-premise and a small number of holes were poked into the protective fabric to allow outbound communications. 2021 is the year where deperimeterization of the network (which has been long predicted) finally happens and does so with a vengeance. The leading indicator for this is companies who are ditching AD (on-premise legacy architecture) and moving all their identities to Azure AD (modern cloud-enabled technology).
As we move into 2021, make sure a world-wide pandemic is in your disaster plan. Companies with a global footprint often have plans for a regional disaster that involve shifting operations to other regions – but seldom have plans which hold up to all offices being simultaneously closed.
Invest in security technology which works regardless of where your end-users are working from. Putting a shiny new web proxy on your campus perimeter doesn’t buy you much when everyone is sent home to work.”
Steve Durbin, managing director of the Information Security Forum:
“One area that organizations need to deal with is the rise of the insider threat with so many unhappy employees who have been furloughed, or let go, from their jobs. The trust organizations are placing in insiders has grown with advances in information technology, increasing information risk and changing work environments. This trend will continue as the volume of information insiders can access, store and transmit continues to soar – and mobile working for multiple employers becomes the status quo.
The insider threat is one of the greatest drivers of security risks that organizations face as a malicious insider utilizes credentials to gain access to a given organization’s critical assets. Many organizations are challenged to detect internal nefarious acts, often due to limited access controls and the ability to detect unusual activity once someone is already inside their network. The threat from malicious insider activity is an increasing concern, especially for financial institutions, and will continue to be so in 2021.”
Brendan O’Connor, CEO and Co-Founder at AppOmni:
“SaaS is quickly becoming a primary target for attackers. With enterprises shifting to a virtual and remote workforce, many are moving their business applications and data to the cloud. As a result, IT staff are tasked with the management and security of multiple SaaS applications and a rapidly growing cloud presence. IT staff had to forego any security benefits they had from the network segmentation afforded by a traditional office network and, in some cases, start from scratch. In doing so, they are not equipped with tools to scan APIs between applications, automate SaaS configurations, monitor changes to the environment, and assess user access or activity - all key components needed to securely manage and maintain one's SaaS environment. The shift to the cloud, unfortunately, has not gone unnoticed by hackers and bad actors. As organizations play catch-up, attackers are shifting their strategy to leverage the lack of SaaS expertise and necessary tooling to monitor and keep attackers at bay. As more and more organizations adopt the virtual workforce model for the long haul, we should expect SaaS to be increasingly targeted by bad actors.”
Ms. Kacey Clark, Threat Researcher at Digital Shadows:
“Threat actors will continue to exploit public attention on global events”
The coronavirus pandemic did not revolutionize the threat landscape; however, it demonstrated that cybercriminals could quickly exploit any period of high uncertainty and public attention for their selfish interests. In our blog covering the impact of COVID-19 on the threat landscape, we discussed how cybercriminals are always among the first attempting to sow discord, spread disinformation, and seek financial gain in light of large-scale global events. Hopefully, next year won’t be as COVID-centered as this one; however, the pandemic forcefully postponed many international events to halt the spread of the virus. Consequently, 2021 will likely be a year rich in global sports competitions and artistic events.
Events like the Dubai Expo, the Tokyo Summer Olympics, and the UEFA Euro Cup are set to happen in 2021. It is highly likely that they will receive considerable attention from cybercriminals willing to capitalize on periods of heightened public awareness. People will likely turn to these events with a great deal of interest following a year that didn’t reserve much space for the entertainment industry. We’ve already discussed how cybercriminals target major sporting events, and criminals will likely try to exploit the public’s need for updates around these events to deploy offensive campaigns in the form of social engineering, identity theft, and spoof websites.
In line with what we observed throughout the COVID-19 pandemic, we’ll likely see the same pattern of scams and fraud throughout the upcoming vaccine deployment, set to begin in early 2021. Cybercriminals will most likely sell the promise to obtain COVID-19 vaccines well in advance of the scheduled worldwide deployment to increase their revenue and spread further misinformation around the official procedures.
Heather Paunet, Senior Vice President at Untangle:
“One of the latest technologies to increase ROI for small businesses is software-defined networking (SD-WAN). SD-WAN is able to help small businesses navigate the complexity of network management, improve internet connectivity, optimize bandwidth, and enhance network visibility. In 2021, small businesses will continue the trend in SD-WAN deployment to meet their growing business needs and make their networks more powerful.
According to a recent survey, 48% of SMBs operate in more than two locations, making SD-WAN an ideal technology for them. SD-WAN allows small businesses who are using bandwidth intensive applications, such as Voice over IP tools, Zoom, Salesforce, or other cloud-based applications to optimize lower-cost internet or broadband so that it’s not necessary to spend more on upgrading the internet at every location.
Additionally, one of the biggest incentives of deploying SD-WAN technology is in connecting branch offices to centralize network management. With SD-WAN implementation across smaller businesses, it allows for the ability to centrally manage and push policies in near real time to all office locations providing consistent business and employee productivity.
Overall, small businesses have transitioned to meet the moment during this pandemic and all the challenges of 2020. As we move forward into 2021, they will continue to adopt new technologies, streamline their business operations, and create a more effective workforce, regardless of their location. This does not change the fact that small businesses will also continue to be targets for cybercriminals looking to exploit unsure employees, unsecured access points, and devices who “forget” to secure their connection to the corporate network. To combat this, SMBs will need to increase their network security awareness in 2021, continue to deploy multi-layered network security solutions, and begin to consider reducing their technology investment timelines to take advantage of better solutions now instead of the future.”