Despite a year marked by massive change and upheaval, some argue the nature of most cybersecurity threats will continue to show broad consistency with previous years. Ransomware and banking Trojans are incredibly popular, phishing remains the easiest means to achieve initial entry, cloud providers have gigantic targets on their backs and cybercriminals continue to take advantage of vulnerabilities new and old as patching and incident response lag.
In August, Microsoft released the results of a sprawling survey of 800 business leaders in the U.S., United Kingdom, India and Germany to determine how the pandemic was affecting their cybersecurity priorities. The data shows that “an alarming number of businesses” are still impacted by rudimentary phishing scams, security budgets and hiring needs. The top five investments since the virus struck are multi-factor authentication tools, endpoint device protections, anti-phishing tools, VPNs and end user security education.
While the details may change, many of the most relevant cyber threats of 2021 may not look dramatically different from previous years.
“During the pandemic a lot of people were talking about account takeover and business email compromise…But we actually saw a resurgence in more old school, server side perimeter based attacks,” said Andrew Tsonchev, director of technology at Darktrace during a Nov. 9 virtual event. “Opportunistic attacks on the internet facing infrastructure of companies may have been driven by people opening up remote access to services; but I think it also just shows that in many ways not much changes for the attackers…The actual threat trends for the year don’t look that different from 2018 and 2019 to me.”
What has changed, however, is how vulnerable companies may be to the same old tactics, considering the shift of employees to remote working. Even with prospects of a COVID vaccine on the horizon, and rosier assessments for a return to the office in 2021, many organizations are reevaluating the old ways of doing things.
Many employees enjoy teleworking, and while some have reported feelings of isolation caused by the switch, on the whole many report appreciation for the balance it brings between their work and personal lives. While workers say goodbye to long commutes, traffic and professional dress codes, company executives are realizing “we don’t need a high rise building anymore, we’re going to save on rent and have everybody work from home in their pajamas,” said Jon Bambenek, founder of Bambenek Consulting.
Whether it’s a return to the crowded, pre-pandemic office or a brave new world transitioning to a permanent remote workforce, companies will have to reevaluate the ad-hoc technologies and structures they’ve put in place in the immediate wake of the virus, because in some ways they could be making organizations less safe.
The Microsoft survey found that “providing secure remote access to resources, apps, and data” is the top challenge reported by security leaders. The Cyberspace Solarium Commission – a collection of public and private cybersecurity experts – concluded that new ideas and security architectures around digital services will be necessary to help insulate businesses from future disasters.
“To survive future pandemics or catastrophic cyber incidents, the nation needs secure, remote access to reliable cloud services,” the commission wrote in its pandemic annex.
Forrester has tracked a related dynamic when evaluating the pandemic fallout, finding a host of new retailers and manufacturers who switched to online selling in the wake of the virus and wound up leaving systems, credentials and customer data exposed or unsecured.
Etay Maor, chief security officer for IntSights, said a quick search of sites like Shodan shows a much wider range of new devices and systems open to common vulnerabilities, something he explained was “because people had to open up quickly” and stand up fly-by-night digital operations in response to nationwide lockdowns in the spring. Organizations vulnerable to bugs that were disclosed a half decade ago or longer are also showing up.
“I was searching for specific vulnerabilities – even very old ones like Logjam and Poodle – and all of a sudden I see more of these [instead of less],” he said. “So, I think we have yet to see all the outcomes from what we’ve experienced in the last eight months.”