Looking back on a year of unprecedented uncertainty, countless lessons have been learned across the board for everyone, including cyber security leaders and experts. The overnight change in working patterns meant millions of employees suddenly had to work from home, putting huge strain on access to IT systems.
Threat actors weren’t resting on their laurels either: they were quick to spot how these and other changes created vulnerabilities to target and exploit, and we saw a veritable ‘gold rush’ in cyber threat activity. By the end of March we had already identified more than 40,000 newly registered websites with coronavirus-related names, which we classified as “high-risk” sites due to the scams and malware being pushed onto unsuspecting consumers.
Overall, Covid-19 made cyber security a top priority for both businesses and consumers who were more digitally dependent than ever. So, remembering how important it is to talk about cyber security more openly and thus encourage greater understanding of the threats and best preventative strategies, here are some key trends to watch out for in 2021:
1. Employee fatigue
Working from home means many of us are now living online for between 10 and 12 hours a day, getting very little respite with no gaps between meetings and no longer having a commute. We’ll see more human errors causing cyber security issues purely driven by employee fatigue or complacency. This means businesses need to think about a whole new level of IT security education programme. This includes ensuring people step away and take a break, with training to recognise signs of fatigue. When you make a cyber security mistake at the office, it’s easy to go down and speak to a friendly member of your IT security team. This is so much harder to do at home now without direct access to your usual go-to person, and it requires far more confidence to confess. Businesses need to take this human error factor into consideration and ensure consistent edge security, no matter what the connection. You can no longer just assume that, because core business apps are routing back through the corporate VPN, all is as it should be.
2. Rush to the cloud; security playing catch up
Most companies in Europe had plans to move key business processes to the cloud over the next few years, but with the onset of the pandemic, this became the next few months. Rather than taking the time to recodify processes, an intermediary lift and shift step was added: the quick move. While the process may still be the same, the environment and security change. Businesses, in 2021, are already planning stage two: recodifying to gain the real advantages of agility from the cloud, while security teams are still fixing the issues from the intermediary shift. This continuing migration at pace will lead to security gaps, and we’re likely to see more cloud security incidents until the shifts are completed and stability resumes, at least for a while.
3. eCrime takes advantage of GDPR compliance challenges in the cloud
It took most companies years to get their personally identifiable information (PII) ready for GDPR when it came into force in 2018. With the urgent shift to cloud and collaboration tools driven by the lockdown this year, GDPR compliance was challenged. As businesses try to regain control of PII in the cloud, expect cyber criminals to be looking to take advantage. We know from our Unit 42 research that cloud security is often not as strong as it should be, again the result of often accelerated shifts. In a recent Red Team exercise, one simple identity access management (IAM) misconfiguration allowed our researchers to compromise an entire cloud environment and bypass nearly every security control.
4. Privacy goes ever more local
We are seeing more of a focus than ever in Europe on privacy. Just one example of how significant this has become is a major smartphone company running TV adverts in the region highlighting its data protection capabilities. It’s not an upsell; this is simply becoming a core requirement. At the same time, we have the EU looking to build EU clouds, such as the Gaia-X project, that align to the broader EU cloud strategy. All of this highlights how high privacy is on the EU agenda. This will potentially make digital transformation strategies more complex in the longer term: either the trends focused on regionalising data will continue or, more likely, there will be stronger separation between actual PII data and the metadata behind it. In an ever more globally connected world, privacy is driving many people to view data as a more local commodity.
5. SOC teams struggle with a new working environment and increased workloads
As many businesses look to reduce costs, one natural solution is to accelerate the digitisation of processes. This means ever more cyber security data coming back to the security operations centre (SOC). Add to this the shift we’ve already seen in telemetry as employees work remotely, and an increase from more new collaboration tools and cloud processes. Many SOC teams had also been used to using multiple screens for big data analytics, and regular team huddles to discuss complex issues, so the shift to work from home, often with one screen, has been tough for some. The teams keeping up will be the ones taking a data-driven ML/AI-based platform approach, helping them to be proactive against attackers trying to out-innovate them.
This past year has been challenging for everyone, both personally and professionally. As we look ahead to 2021, we should reflect on trends in attack methodologies, recognise changes across the threat landscape, identify what new technologies are emerging and offer a best guess about where things will be going forward, and where businesses should direct their attention, investment and efforts.