COVID-19 will continue to be a key focus for organizations’ IT and security teams, says cybersecurity solutions company Check Point.
“The pandemic derailed business-as-usual for virtually every organization, forcing them to set aside their existing business and strategic plans, and quickly pivot to delivering secure remote connectivity at massive scale for their workforces,” says Pankaj Bhula: Check Point’s EMEA Regional Director.
“Security teams also had to deal with escalating threats to their new cloud deployments, as hackers sought to take advantage of the pandemic’s disruption: 71% of security professionals reported an increase in cyber-threats since lockdowns started,”
“One of the few predictable things about cyber-security is that threat actors will always seek to take advantage of major events or changes – such as COVID-19, or the introduction of 5G – for their own gain. To stay ahead of threats, organizations must be proactive and leave no part of their attack surface unprotected or unmonitored, or they risk becoming the next victim of sophisticated, targeted attacks.”
With this in mind, here’s a closer look at seven cybersecurity predictions for 2021:
1. Securing the ‘next normal’ – In 2021, COVID-19 will still be impacting on our lives, businesses and societies, and those impacts will change as the year progresses. So, we need to be ready for a series of ‘next normals’ as we respond to those changes.
Following the rush to remote working, organizations need to better secure their new distributed networks and cloud deployments to keep their applications and data protected.
2. No cure for COVID-related exploits – As COVID-19 will still dominate headlines, news of vaccine developments or new national restrictions will continue to be used in phishing campaigns, as they have been through 2020.
The pharma companies developing vaccines will also continue to be targeted by malicious attacks from criminals or nation-states looking to exploit the situation.
3. Targeting remote learning – Schools and universities have had to pivot to large-scale use of eLearning platforms, so perhaps it’s no surprise that the sector experienced a 30% increase in weekly cyber-attacks during August, in the run-up to the start of new semesters.
Attacks will continue to disrupt remote learning activities over the coming year.
4. Double extortion increases the ransomware stakes – Q3 of this year saw a sharp rise in double-extortion ransomware attacks: hackers first extract large amounts of sensitive data, prior to encrypting a victim’s databases. Then attackers will threaten to publish that data unless ransom demands are paid, putting extra pressure on organizations to meet hackers’ demands.
5. The botnet army will continue to grow – Hackers have developed many malware families into botnets, to build armies of infected computers with which to launch attacks.
Emotet, the most commonly-used malware in 2020, started as a banking trojan but has evolved to become one of the most persistent and versatile botnets, capable of launching a range of damaging exploits, from ransomware to data theft.
6. Weaponizing deepfakes – Techniques for fake video or audio are now advanced enough to be weaponized and used to create targeted content to manipulate opinions, stock prices or worse.
Earlier this year, a political group in Belgium released a deepfake video of the Belgian prime minister giving a speech linking COVID-19 to environmental damage and calling for action on climate change. Many viewers believed the speech was real.
At a simpler level, audio could be faked for voice phishing – so that a CEO’s voice could be faked to bypass voice authentication.
7. Privacy? What privacy? – For many people, their mobile devices are already giving away much more personal information than they realize, thanks to apps demanding broad access to peoples’ contacts, messages and more.
This has been magnified with buggy COVID-19 contact-tracing apps, which have privacy problems, leaking data about individuals. And that’s just legitimate apps: mobile malware targeting users’ banking credentials and committing click-fraud on adverts is a major growing threat.