In times when SolarWinds-type cyberattacks are on the rise, there is every reason for organizations to raise red flags on issues related to cybersecurity. In what is dubbed as the biggest cyberspace attack in US history, hackers reportedly gained entry into networks when over 18,000 private and government users downloaded software injected with malicious code. After entering, they were able to monitor the internal emails of some of the important government agencies.
Furthermore, a report published by NetScout’s Atlas security engineering and response team, states that the number of distributed denial-of-service (DDoS) attacks in 2020 exceeded 10 million, up from 8.5 million recorded in 2019. Since March 2020, the increase in work-from-home trends has led DDoS attacks to rise to 800,000 cases each month.
Organizations, especially those with large remote user populations or hybrid work environments need to ensure that their IT infrastructure is best suited to respond to these unwarranted incidents.
The combination of technological advances such as 5G with growth in connected devices has led to several trends in cybersecurity that could take place in 2021 and beyond.
Remote infrastructure vulnerability: Working remotely has given rise to a vulnerable attack landscape where criminals recognize the weak points and capitalize on them, particularly with unsecured legacy security architecture such as a virtual private network (VPN). Several companies have already been a victim of such attacks and this trend will likely continue. It would do well for companies to upgrade their VPN and RDP (Remote Desktop Protocol ) infrastructures.
Automation of smart devices: As investments pick up to turn smart devices into fully automated machines with in-built intelligence for various projects, it will have an impact on latency, connectivity and security issues. The greater the interconnectivity with external services, the higher exposure to attacks as MEC and edge cloud services utilize the 5G high speed for smart collaboration between systems.
Cloud centralization: As we transition to APIs for web applications, the internet will work as an interconnected service workshop. Organizations providing services from the edge to central clouds are likely to increase the risk of cyberattacks if a component fails due to connectivity, the whole system can be impacted. Cloud service solutions providers need to be on top of the latest web security threats that safeguard resources and data to avoid the probability of large-scale outages and collateral damages.
Phishing attacks: As humans, we are emotional beings and phishing attacks target our emotions. Emails that prompt us to click on malicious links will be on the rise. As per Verizon’s 2020 Data Breach Investigations Report, attackers used phishing in 22% of the investigated breaches. The usual suspects such as targeted business email compromise (BEC) attacks or even the new entry ‘vishing’ (voice phishing) attack will keep prying our privacy.
Ransomware menace: Ransomware has brought some companies to their knees by asking them to pay up hefty sums in return for their compromised data. That is not going to go away anytime soon. According to a recent Gartner report, “ransomware has evolved beyond the commodity, widespread attacks intended to infect a single endpoint to include more advanced techniques, such as fileless malware and data exfiltration [...]. These new strains of ransomware make prevention and planning more important than ever to prevent ransomware attacks.”
Internet of Behavior (IoB): As data gathered from IoT devices, smartphones, wearables, etc are used to understand customer behaviour by marketing companies, experts feel it will be a challenge to maintain the balance between user experience and privacy. Companies will need to be extra cautious with the amount of personal data at their disposal and draft policies to safeguard them accordingly.
Bad bots: Bad bots steal data from sites without authorization for reuse (e.g., pricing, inventory levels) to gain a competitive advantage. The hardcore ones even extend to criminal activities, such as fraud and theft. Bad bots are looming threats to enterprises and businesses as it is not easy to detect their presence and operating technique. Companies must be mindful of such trends to effectively protect themselves and their users’ data from malicious attacks.
Security validation: Validating security effectiveness is critical for businesses today. With cyberattacks on the rise with increasing sophistication and motivation, security validation facilitates companies to constantly measure, handle and improve their cybersecurity effectiveness. With work from home trends, vulnerable attack surfaces, and stealthy techniques used by hackers, companies are seriously considering in-house security validation to fully managed or co-managed security validation. This trend will see faster adoption in the coming days.
Distribution of fake news: Fake news distorts facts and misleads the readers. Social media platforms, including Facebook, have been trying to stop the circulation of fake news in their channels but to no avail. The point to be considered is that these technologies are not capable of detection and classification yet. AI needs the support of scarcely available historical data to understand if those are genuine or fake. There are thousands of such news floating on the internet that are designed to achieve ulterior motives. Even if a fake campaign is identified, malicious players develop a better one. All in all, we are going to need improvement in artificial intelligence and deep learning solutions for better detection and prevention of manipulation of data privacy.
As we usher into a digital-first world, data privacy must be safeguarded at all costs. Greater agility and innovation are warranted from each responsible player to bring efficient data protection framework in place in the digital ecosystem.