There’s no doubt that 2020 will be remembered for the uncertainty and rapid change it brought. As the global pandemic accelerated trends like remote working and digital transformation, it has also created new cybersecurity challenges. However, although much of 2020 was unpredictable, it’s still possible to step back and look at infosecurity developments that will point the way forward.
Sophisticated social engineered attacks on the horizon
A recent Verizon report highlighted social engineering as a top target for bad actors, and the threat is only expected to grow in the year ahead.
COVID-19 was in the news nonstop this past year, and threat actors are expected to continue to take advantage of it in 2021. Beware of scammers who will use social engineering to fool users into providing sensitive information like phone numbers, addresses and credit card numbers, promising to charge a small fee to pre-qualify them for a “free” COVID-19 testing offer. Others may trick users into downloading malicious apps on their smart devices, disguised as “government approved” technologies designed to take their temperatures or assist with COVID-19 tracking.
Unemployment fraud is another tempting target for tricksters. Government stimulus and unemployment programs are designed to make it easier for people to collect benefits, but security measures have not kept up. Phishing efforts around tax season are also expected to escalate, due to changing tax deadlines, revised policies and other uncertainties. Identity theft is booming during the pandemic as cybercriminals steal the identity of unsuspecting victims to claim stimulus checks. The real party doesn’t find out until it’s too late.
Telehealth organizations are a ripe target for targeted attacks
Shortcomings in data security are expected to make telehealth providers especially open to threats. When the global pandemic emerged last spring, virtual healthcare soared—and the UK, US and other governments also temporarily relaxed healthcare privacy standards to facilitate telehealth and research. Healthcare providers are doing everything they can to deploy new systems and support more patients online, while bad actors seek out high-value, vulnerable targets.
2021 threat actors: More attacks across more vectors
As the global crisis abates and organizations adjust to change, office work and travel are expected to gradually return to pre-pandemic levels. Yet even as life slowly returns to the “old normal,” in 2021 threat actors will continue to take advantage of the situation. As people start to plan more vacations, fraudsters will likely target consumers seeking bargains online or via email, using phishing and other attacks.
As employees return to the office, bad actors will flood the market with applications promising improved productivity. Watch for new attack vectors to emerge for social engineering, as well as attacks targeting home devices that are also used at work, such as smart speakers. Many of these devices lack enterprise-level security, making them vulnerable to attacks that can start in home offices and move laterally into business environments.
Staying safer online
As the threat landscape continues to evolve, businesses will place an increasing focus on identity and consumer accountability of their permissions and controls over their data. Keeping employees and customers safe online and with connected devices remains critical, especially as contact tracing and other sensitive applications become more commonplace.
More than ever, people will want to be sure about the identity of organizations they’re connecting with online. They will also want better assurances that connected devices like homes, websites, buildings and vehicles remain safe and secure.
Automation and efficiency will be top of mind
Doing more with less has always been a top imperative, and as the next year begins, its importance will only grow for security teams. Automation is expected to play a significant role in 2021, increasing dramatically compared to previous years. According to a recent SANS survey, 12 percent of respondents had no security automation in 2019. In 2020, the number dropped to 5 percent, and its importance is expected to increase exponentially in the year ahead.
Businesses will also be seeking to reduce the number of vendors to further save money and streamline operations. They will increasingly value vendors who can deliver innovative automation and offer leading global technology and local resources where their customers live.
A proactive approach to the coming year
Although it’s clear that the “new normal” will continue to pose challenges for individuals and businesses for some time, by understanding today’s cybersecurity trends, you can align your strategy to get out in front of future threats.