An IT Security Outlook for the Coming Year
Are you glad to put 2020 in the rear view? We certainly are. In a year full of challenges, some of them devastating, some mundane, related to the global pandemic, technology played an outsized role.
As the threat of the virus and mandated lock downs relegated us to our homes and makeshift offices, our physical worlds shrank and our virtual worlds grew exponentially. This new reality made starkly evident the integral role of cybersecurity to everyone’s work. It also introduced new security challenges and emphasized existing vulnerabilities. In many ways, our cyber defenses rose to the challenge, but malicious actors continue to seek out and target new holes in our security systems.
So, while we are thankful to leave 2020 in the past, we can’t afford to think we leave the security challenges that last year brought behind as well. Here is a rundown of what we see in the security and technology outlook for 2021.
Security Threats, Concerns, & Predictions
Today’s distributed work environment isn’t going anywhere in the near future. The new work from home (WFH) realities mean that individual employees now have to consider enterprise-level security in their home office environments.
This new work environment also means that home computers and networks will become the target of choice for many attackers seeking to take advantage of unpatched systems and infrastructure weaknesses. Unless you’ve invested time and resources, your home router is likely a “sitting duck,” an enticingly vulnerable potential launching point for cybercriminals to attempt access to corporate networks.
Attacks on VPNs and RDPs. With remote work the new norm, more and more companies are relying on Remote Desktop Protocol (RDP) and Virtual Private Networks (VPN) to offer some security while also allowing their employees to access corporate networks from outside the traditional boundaries. But RDPs were already one of the most attacked services on the internet before the 2020 shakeup and the new realities of a distributed workforce mean that RDPs, VPNs and other remote access services are increasingly enticing targets.
Scams remain a serious threat. While the technological vulnerabilities that we face in 2021 are very real, it remains true that human vulnerabilities are also a significant threat to both individual and enterprise systems. The number of scams continues to rise, and cybercriminals continue to prey upon our fears around the pandemic and its resulting economic fallout. (Check out our recent article on current trends in scams and tools to help you and your staff avoid them.)
The role of AI and Machine Learning. While new developments in AI and machine learning continue to contribute positive elements to our businesses and society at large, they are also being used by malicious actors around the world and the web. These rapidly developing technologies will increasingly be used by attackers, especially in hyper-targeted spear-phishing campaigns.
Automation and AI have already dramatically increased the volume of these detailed and believable campaigns that cybercriminals are initiating. Such attacks are also likely to continue to prey on our collective fears about the pandemic, the economy, and politics.
The good news? The automated versions of spear-phishing emails will be easier to spot than the time-intensive manually generated ones. The other side of the improving automation and AI landscape is that defensive security automation is increasing its ability to offer both time and cost efficiencies to organizations of all sizes and scopes. Security automation services are on offer from a broadening array of service providers too, making this such options more accessible no matter your scale or industry.
New Ransomware Tactics. As ransomware defenses have improved, and cybersecurity awareness campaigns continue to increase both human and technological prevention, cybercriminals haven’t abandoned their ransomware tactics, they’ve just adapted them.
In one of these adaptations, known as double extortion ransomware, cybercriminals make sure they’ve exported all of an organization’s targeted data before victims even know they’re under attack. They then use the information in their possession to extort victims to keep the breach from becoming public or sell the data they’ve collected. The criminals using ransomware are also growing in the business acumen, carefully pricing their ransomware demands to ensure that payment can be a rational choice.
These new approaches mean that companies need to adapt to how they protect against and recover from ransomware attacks. In addition, today’s remote work environment and the technological lift required to quickly shift to distributed work, learning, and healthcare environments will contribute to organizations’ vulnerability. Last year, ransomware attacks frequently targeted the professional services, healthcare, and education sectors – sectors hit especially hard by the pandemic.
Increasingly targeted mobile devices. Once upon a time, mobile devices were relatively immune to the cyber threats that target our PCs and desktops, like malware, viruses, and phishing campaigns. But those days are long gone. For the past few years, hackers are increasingly targeting our mobile devices which these days serve as not only access points to corporate networks, but also a treasure trove of information about our location, habits, and other valuable personally identifiable information (PII).
As with other cybercrimes, we must keep up with constantly evolving methods that target our mobile devices. Phishing text messages and emails delivered to mobile devices are three times more likely to lead a user to open malicious links or content than a on a desktop device.
Cloud Security. The use of public clouds continues to expand as we grow ever more reliant on cloud computing to facilitate remote work. But as the pandemic and work-from-home requirements pushed many organizations to adopt cloud solutions more quickly than they might have otherwise, some may have deferred implementing the right security controls at the outset. A renewed focus on controlling access to data and clear policies and training around when, who, and how employees at all levels access information stored in the cloud can be an important step in ensuring that your organization’s cloud solutions stay secure. However, this is only one of several necessary precautions. Misconfiguration of these cloud-based systems is one of the leading causes of vulnerability. It’s paramount for all of us to play security catch up with the cloud-based technologies that we implemented in response to 2020.
Other Security Trends & Positive Outlooks
WiFi 6 is coming. The Pandemic and stay-at-home orders forced Wi-Fi technology to improve by leaps and bounds in a short amount of time. We therefore have new wireless technologies to look forward to in 2021. Chief among these is Wi-Fi 6. What’s different about Wi-Fi 6? It’s focus will be on efficiently sharing bandwidth across our ever-multiplying devices instead of speed. And new routers featuring Wi-Fi 6 and enhanced security controls are showing up at reasonable price points these days, which makes the technology more accessible for everyone, from WFH maven to c-suite executive.
Videoconferencing. Applications like Webex, Google Meet, and the ubiquitous Zoom became essential not only to functioning in our work lives, but also for staying connected to friends and loved ones in a time of physical isolation. The necessity and influx of new users pushed companies to enhance both the capabilities and security of their platforms. These advances dramatically improved both the user experience and the security of using such platforms for routine and specialized business functions. And the reality is that as we pass the one-year mark of the pandemic and our current new world order, it’s unlikely that videoconferencing as a cornerstone of business functionality is going anywhere anytime soon. However, new startups are vying for ways to push us past the all too familiar grid of faces, to new and innovative ways to meet and collaborate online.
The continued death of the password. “The average person has close to 80 passwords, hardly any of which they can remember.” The death of the password is a good thing, as it is inherently human to create bad passwords, forget them, and take a dangerous hands-off approach to our password management. As more and more valuable information is stored in the cloud, this is a growing business and security concern (as well as profoundly dangerous for individuals too). It’s estimated that cybercrime costs our world economy about $2.9 million every minute and approximately 80% of those attacks are password related.
In fact, cybersecurity firm WatchGuard audaciously predicts that every service that doesn’t utilize Multi-factor Authentication (MFA) will see a breach or account compromise in the coming year. In addition to the increasing prevalence of Multi-factor Authentication, biometrics are also emerging as an increasingly viable alternative to passwords. But we are still a ways off from that future. So in the meantime, make sure to implement a strong password strategy for your organization and yourself, and enable MFA anywhere and everywhere you can.
Steps to Take for a More Secure 2021
- Pay attention to the architecture of your work-from-home arrangements. Provide support to your employees to securely set up their networks, computers, and peripherals. Engaging professional help in the set-up or restructuring process can save a lot of pain, expense, and heartache down the road.
- If you don’t already have them, develop security policies around accessing corporate networks and files through remote services (i.e. Ensure that RDP is never enabled without VPN). And find ways to incentivize employees to follow those guidelines.
- View setting up secure and efficient WFH policies and structures as a long-term investment as the distributed workforce is likely to be an increasing part of the new normal.
- Make updates and patches an integral part of your IT systems procedures for both your company network and for employees working from home.
- Never before has the importance of thoughtful, intentional, and well-executed BYOD policies, data policies, and security plans been more evident for organizations of all shapes and sizes. As work devices are used for personal projects and personal computers contribute to corporate work, companies should expect to lose some of their traditional controls over data. However, crafting policies that are fair and developed with realistic employee input can help ameliorate some of this risk and protect both your company and your employees.
- Approach the security of your personal communications (on mobile phones and personal email, among other channels) with the same rigor that you do your professional exchanges. Watch out for scams that play upon current events and topics like COVID-19 vaccines.
- In addition, the new work realities may require a refreshed approach to employee education around cybersecurity. An education process that is never really complete may now need to be reframed in the context of a distributed work force and the unique challenges of each remote office set up.
- Prepare for a ransomware attack. While the probability of an attack happening to your organization is uncertain, 2021 brings new risks in this realm so it is worth being prepared. Key steps include segmenting your network, ensuring that you have an actual response plan in place, making sure that you have access to secured backups, and establishing an incident response service-level agreement, if you don’t already have one in place.
Looking Back to Look Forward
As we look back at the past year and what it means for 2021, it’s undeniable that 2020 was a catalyst for change. The global pandemic and the ripple effects upon our economy, livelihoods, technology, and social networks will likely change the way we work long into the future. In looking to that future, there are four key trends that we see emerging to impact our collective cybersecurity.
- A more distributed workforce is likely to be a permanent fixture of workplaces and cultures. We have yet to fully understand the implications of what that means for our technology, infrastructure, and organizational ethos, but it is undeniable that 2021 will be a year of adaptation and creative problem solving around this new reality.
- Cybersecurity is no longer just the purview of IT and cybersecurity professionals. We all must be more aware of the basic tenets of cyber safety and organizations need to reexamine their approach to cybersecurity education and safety protocols implemented at every level.
- IT infrastructure may have new definitions in an increasingly cloud-based ecosystem. But the efficacy and stability of those structures and configurations is still vitally important to the security and operationality of a company, no matter its shape, sector, or size.
- Threats to our data, information, and technology are finding new ways to infiltrate every aspect of our lives. And while constant vigilance is exhausting, practicing good common sense and a bit of healthy skepticism is not. So make such habits a part of your daily routine and when you come across threats, take a moment to report them! By doing so, you can help contribute to the overall safety and security of our shared digital ecosystem.
Here’s to a safe, secure, and innovative 2021!
Paul King is the founder and CEO of ITeck Solutions LLC, an IT and business consulting firm based in the DC Metro area. Paul has more than 20 years of experience in the design and implementation of cost-effective and high-performance technical solutions that meet the needs of clients across diverse industries.
ITeck takes pride in equipping our partner organizations with the tools and knowledge to meet the challenges of today’s rapidly evolving business environment. This includes working collaboratively to design and implement comprehensive business continuity and disaster recovery plans, facilitating organizational shifts to the cloud, and planning for and securing hybrid work environments. If you’re interested in working with ITeck, please reach out to schedule your free consultation today.