As 2021 nears, enterprises have to orient themselves to the main focus areas and considerations. In response to the Covid-19 pandemic, organizations have had to rethink their operational and security processes — from business functions and cloud migrations to teleworking support. These, along with constant security risks, have not only challenged organizations in 2020 but also raised concerns regarding their readiness for disruption.
Now that working from home has become commonplace, houses have since been flipped into offices for the foreseeable future. More employees are using devices (some even personal) to access confidential data on home and corporate networks, which poses a considerable risk to any organization. Without secured access and robust security tools that protect the distributed attack surface, threat actors can easily hack into networks and jump from one machine to another until they find a suitable target.
Here are some of the other predictions that we believe security professionals and decision-makers should watch out for in the coming year:
Home offices as criminal hubs
Similar to how security experts follow the trends and emerging technologies, cybercriminals will follow users and initiate attacks that take advantage of their situations and behaviors. In 2020, the use of devices and software repositioned when workforces shifted to distributed work. Threat actors are on the lookout for security gaps in organizations’ current security postures, ready to take advantage of weak points, the lack of preparedness, or the inability to support a remote workforce securely.
Routers will be prime targets for remote attacks. Cybercriminals can offer hacked routers as a new service where they sell access to high-value networks. We believe that it’s possible for them to apply the same method to converged IT/OT networks.
Handling valuable company assets will also be challenging in 2021, wherein organizations will have to withstand breach attempts and malware infections and secure any sensitive information. While virtual private networks (VPNs) allow secure connections with workplaces, they will prove inefficient and still be weak links for many organizations if they’re outdated (or have unpatched vulnerabilities that could drive remote attacks). Without detailed company security policies and incident response plans, attackers can target remote workers as the ideal entry points into corporate ecosystems.
Covid-19 as a lure for malicious campaigns
Cybercriminals have been quick to seize the disruption the pandemic brought to launch a slew of attacks, including phishing and ransomware. Since the onset of the pandemic, threat actors have relied on social engineering tactics to deliver spam, business email compromise (BEC), malware, and malicious domains.
Threats will continue to exploit the public health crisis in hopes of gaining a foothold in target systems. There’s no shortage of threats that cybercriminals can employ, banking on Covid-19-related unease. We expect this to continue in 2021 as countries around the world continue to combat the spread of Covid-19.
Malicious actors will also turn their attention to testing, treatment, and vaccine efforts and exploit surrounding coronavirus-related fears through misinformation. Healthcare organizations, including pharmaceutical companies developing vaccines, will be further pressured to keep up with the demands and brave security attacks, which can disrupt their ability to provide care to patients. Threat actors can pose risks to patient data, launch malware attacks, or facilitate medical espionage.
Digital transformation efforts as a double-edged sword (if not done right)
The business disruption that the Covid-19 pandemic caused has spurred industries across different sectors to fast-track their digital transformation programs. Pandemic aside, organizations wouldn’t have made the same quick pivot in "normal" circumstances. From a technological point of view, this is favorable for addressing current demands that cloud-based software can undertake. Many have pushed for further connectivity among workers, AI-enabled apps for business productivity, and increased cloud adoption to empower organizations to respond faster and scale better.
Those who have hastily moved from the traditional on-premise setting and have no solutions in place will struggle. Accelerated transformation meant many organizations adopted new technologies to maintain business continuity; unfortunately, the rush to implement these technologies could also mean that some may have had to skip due diligence.
The renewed push for cloud environments and collaborating tools will be attractive to attackers. Researchers and threat actors alike will focus on vulnerabilities related to remote-work technologies. The cloud of logs that organizations gather and store will also be central to high-profile cybercrimes, whereby valuable data can be used to find initial access points into networks.
Emerging shifts to the landscape shouldn’t prevent organizations from implementing new technologies and embracing the current reality. Threat actors will be seeking to take advantage of the situation, regardless of the current landscape. With proper security strategies and solutions in place, organizations can be equipped to reap all the benefits of digital transformation efforts without exposing themselves to considerable risk.
To learn more about the key security considerations and challenges for users and enterprises, read our report, "Turning the Tide: Trend Micro Security Predictions for 2021."