Cyber Threats
Looking Ahead: The Post-Pandemic Security Landscape
One year into the pandemic, our team at Trend Micro discussed the lasting impact that Covid-19 will have on people’s way of life and what a post-pandemic “new normal” might look like.
One year into the pandemic, our team at Trend Micro discussed the lasting impact that Covid-19 will have on people’s way of life and what a post-pandemic “new normal” might look like. The coronavirus has already accelerated a second digital revolution not seen since the dot-com boom of the early 2000s. Likewise, it’s made criminal minds all the more motivated to innovate and digitize their attacks — if they’re not tech-savvy already, they will be. Here are some of our insights and predictions:
There will be an increased demand for information online
With the uncertainty surrounding the coronavirus and its ongoing effects on our everyday routines, people are eager to stay up-to-date on a wide variety of topics such as the latest healthcare protocols in their respective countries, newly-discovered virus variants, and novel forms of at-home entertainment. However, this presents criminals with the perfect playground on which to peddle misleading narratives or target inexperienced users for digital threats, be it for financial or political gain.
Vaccination status will become part of our digital identity
Vaccine passports are currently a hot-button issue, but documentation of one’s immunization status will soon be a necessity for mobility in the near future: it's gaining traction worldwide, with countries rolling out their own pilot initiatives like the EU’s Digital Green Certificates, New York state's Excelsior Pass app, and China's QR-based Health Declaration Code. Inevitably, our digital identity will need to include our vaccination records, and the impact of this eventuality will be far-reaching.
Before long, digital identity management will figure into governments' plans to pass global travel regulations, as discussions arise over how vaccination documents can be faked or hacked. When these become part of our daily lives, digital passports will no doubt be a valuable asset targeted by criminals and state-sponsored attackers, who will seek to steal, modify, or forge them.
We have yet to establish a globally-recognized standard for authenticating one’s health status, so we can expect to see inconsistencies in the management of people's vaccination status and travel approval over the next few years, especially when it comes to international travel. With so many companies now leaning into remote work, business travel may resume after the pandemic, but it will only be a fraction of what it was, and will focus largely on regional trips. This transitional period of uncertainty will allow criminals to build a complete new black market around the demand for products like falsified vaccination passports, or negative Covid-19 test results sold as a service. There's already evidence of these bring sold on the dark web, and such forgeries have even made their way to popular platforms like eBay, Shopify, and Telegram.
Moving forward, more governments and companies will also turn to contact tracing as a public health precaution, but its widespread use is bound to raise hackles over data privacy and security concerns. Not only are guest-tracking and other contract tracing apps at risk of potential misuse for political ends, these can also be abused for business-related data mining. People will be asked to entrust these businesses with their personal information, so it’s imperative that they’re protected from threats like data theft.
The entire shopping experience has changed
Online shopping was already on a growth trajectory pre-crisis, fast-tracked by a pandemic that has reinvented our relationship with retail. Brands have pivoted to a digital-first or even an omnichannel approach to deliver a frictionless experience for buyers still stuck in lockdown.
The end-to-end customer journey has seen major overhauls, with “buy online, pick up in store” and curbside pick-up quickly becoming the fulfillment modes of choice, while more brick-and-mortar locations are converted to dark stores. In lieu of in-store interactions, merchants are doubling down on their online presence: these days, online reviews, social media, and the round-the-clock availability of a branded app or website can inform purchasing decisions much in the same way browsing store aisles once did.
This past year has pushed us further towards becoming a cashless society, fueled by the popularity of e-commerce, money transfers, and contactless deliveries. These have become a mainstay in our daily lives, and will continue to be so even after restrictions ease. This makes our mobile phones, with which we do these transactions and holds all our digital wallets, more important than ever. Our ubiquitous use of personal devices is likely to drive a surge in attacks like digital wallet theft, digital money laundering, and delivery fraud.
Cash-on-delivery payments for online shopping will also soon be supplanted by mobile-based currency payments in countries where conventional banking services still have limited penetration. Other countries like Japan, which were once reliant on cash transactions, are slowly warming up to cashless alternatives such as the use of QR code payments or digital currency remittances. However, we will need to shore up the infrastructure supporting digital currencies if they are to match the security level of traditional banks.
Countries will further protect their local economies and healthcare
As we all continue to grapple with the disruptive nature of the pandemic, countries will want to be in a better position to look out for their own citizens and interests. In these unprecedented times, when public health is considered a national asset, governments are in a race to protect and immunize the population — and they will explore strategic advantages to do so. Digital state-sponsored espionage will be on the rise, designed to secure medical supplies for its people, get a leg up on business competitors, or scout for emerging global-scale threats brewing in other parts of the world. In the wake of cyberattacks against the European Medicines Agency and vaccine researchers in Canada, the US, and the UK, we’re seeing how healthcare is particularly susceptible to threats like targeted attacks or the proliferation of misinformation. Chemical components used in vaccine production may soon be treated as valuable assets that need to be closely monitored, if not classified as tracked substances under government regulations, as more vaccines are exported and rolled out to populaces worldwide.
Working from home is here to stay
The way we work has changed fundamentally, with companies across the board adopting more flexible or hybrid work arrangements for the foreseeable future. Companies may want to forego big office spaces in favor of smaller flagship real estate. We can expect cybercriminals to evolve alongside this new reality, and adapt their attacks styles to have a wider reach, so credential theft will become a higher priority among businesses. Infrastructure is key now that we’re working remotely for the long haul: end users will have to be more mindful of potential attacks on gateways, VPNs, routers, and personal NAS devices.
Companies will also raise the guard here, implementing zero trust as they amp up their security activities around infrastructure changes in order to protect their digital environments. Cloud servers will play an even more dominant role among enterprises whose workforce is heavily engaged in remote work, making it imperative that their cloud infrastructure can withstand any attacks.
The digital revolution is impacting traditional industries
Many businesses are compelled to adapt and reinvent themselves if they are to survive the Covid-19 crisis. As more industries go digital and automate their operations, cyber literacy will become an essential skill in the workplace. People who are in more traditional lines of work and still learning the ropes of IT security will be a prime target for cybercriminals. Threat actors can expand to new markets by simply reusing their established attack vectors, such as phishing and ransomware, instead of more sophisticated tactics.
The digitization of these industries will also lead to an uptick in the use of new technologies — much like how augmented reality is now being utilized in manufacturing — that will open the door for more advanced cyberattacks. Because these will require a lot of initial skill investment, such attacks will mainly be conducted on a bigger scale, most likely on the state-sponsored level.
Processes will be API-enabled to push digitization
In an effort to future-proof their processes, more businesses will be integrating application program interfaces (APIs) as part of their digital transformation plans. Entire platforms and services will emerge just by tying together APIs that will, in turn, create connected experiences that will save end users time and money. But this will surely put APIs in the crosshairs of cybercriminals, especially ones with ties to organized crime, who may target APIs for man-in-the-middle attacks and distributed denial-of-service (DDoS) attacks.
While adopting APIs into one’s business strategy can eliminate data silos among systems, there are also dangers to leaving APIs unsecured. DDoS attacks are one of the oldest go-to techniques used by cybercriminals, and any system with exposed API endpoints can be flooded with fake network traffic that interrupts operations. Such API overloads are costly and time-consuming to fix for businesses that will need to sort legitimate customer orders among large volumes of fraudulent traffic. The resulting downtime will mean longer wait times for end users, new transactions can’t be completed, or potential customers will turn to other businesses instead. This can be a hobbling setback for industries whose competitive edge depends on delivering a secure and seamless service, such as logistics companies.
Supply chains will become more localized
The pandemic has tested the resilience of supply chains around the world, exposing vulnerabilities in companies relying on global operations. Upsets in any stage of the supply chain eventually ripples through the rest of the chain, so more companies can take this as an opportunity to revisit their processes and identify any performance gaps in their network. We anticipate that they will transition towards a less geographically distributed supply chain, in step with the digitization of their business. By keeping operations closer to home, they can mitigate the impact of any future waves.
Living in the "age of jetliners," Ada Louise Huxtable once pointed out, meant that "nothing was more up-to-date when it was built, or is more obsolete today, than the railroad station." We find ourselves in a new age, navigating a world thrown in flux, and we can’t move forward if we’re mired on the same tactics and toolbox we once relied on. We might not see an end to the coronavirus crisis until sometime in 2022, but even then, it’s doubtful we will ever return to pre-Covid life as we knew it. Instead, we’ll adapt: our memory of living through the pandemic will remain very vivid, so certain practices we’ve internalized, like wearing face masks during normal flu season, will become the norm worldwide. This past year has been marked by seismic shifts in our approach to travel, work, and technology — changes that, now set in motion amid the pandemic, are here to stay.