In 2020, there were many rapid changes on a global scale as organizations across the world attempted to adapt to a new normal caused by the pandemic. Amid this shift, there were significant developments seen across the cyberthreat landscape.
As we near the end of 2020, here’s a closer look at six cybersecurity threats – from HP – to keep in minds going into 2021 and beyond:
1. Weakened organizational security will lead to more unintentional insider threats
Home devices will be under increased pressure and we must expect home infrastructure will be targeted. The scale at which we operate from home increases the incentive for attackers to go after consumer IoT devices and pivot to business devices on the same networks.
2. Human-operated ransomware attacks will remain an acute threat
Ransomware has become the cybercriminal’s tool of choice, and this is likely to continue in the year ahead. What we will see is a rise in ransomware-as-service attacks where the threat is no longer the ‘kidnapping’ of data – it is the public release of the data. This has fueled the growth of an ecosystem of criminal actors, who specialize in different capabilities needed to pull off successful attacks. Malware delivered by email are often a precursor to human-operated ransomware attacks.
3. Greater innovation in phishing will see thread hijacking and whaling attacks
In 2021, there will be more innovative phishing lures designed to trick users and make attacks harder to identify. The most innovative mass phishing technique we see is email thread hijacking, which is used by the Emotet botnet. The technique automates the creation of spear-phishing lures by stealing email data from compromised systems. This data is then used to reply to conversations with messages containing malware, making them appear very convincing. We can also expect to see more of these attacks targeting individuals working remotely, thanks to everything relying on strong authentication, as opposed to in-person presence, there is more opportunity for hackers to engage in social engineering to trick employees into divulging credentials.
4. Hackers will tailor attacks to target specific verticals – in particular, critical infrastructure, pharma, and healthcare, Industrial IoT and education
One of the most at-risk verticals in 2021 will be healthcare: society depends on it and these organizations are typically under-resourced, change-averse, and slow to innovate. Education also fits this criterion and could be another prime target. This threat extends beyond hospitals and doctor’s surgeries into more critical areas. Due to the race to develop a new vaccine, pharmaceutical companies and research facilities will also continue to face adverse risk.
5. Zero trust is here to stay, but needs to be implemented in a way that is transparent to the user
Zero trust as a concept isn’t new, but the increase in remote working means that it is now a reality that organizations need to accept. The traditional ways of securing access to the corporate network, applications and data are no longer fit for purpose. The perimeter has become obsolete. Over the years the workforce has become more dispersed, and SaaS adoption has risen – this means critical data is being hosted outside the enterprise firewall. The time has come for organizations to start protecting against the unknown, which means utilizing zero trust, but in a way that is transparent to the user.
6. A new approach to security is needed
2020 demonstrated that is has become critical to manage highly distributed endpoint infrastructure and organizations need to accept that the future is distributed. Everything from remote workers’ devices to industrial IoT devices has become the new frontlines of the cybersecurity battleground in our increasingly cyber-physical world. To meet this challenge, organizations need to re-think their security architectures and controls and embrace the necessary innovation in technology and processes to help them support this new environment.