The COVID-19 pandemic has resulted in many changes in the working world. Vladimir M. Yordanov, Senior Director of Solution Engineering, Gigamon Asia Pacific, explains the cyberthreats which organisations now face and how to tackle them.
COVID-19 has had a dramatic impact on people’s lives, families and communities, across the world and throughout Asia Pacific.
Organisations and businesses are affected and having to adapt by changing the way employees work and collaborate; offices are closed, people are working remotely and services and applications have been shifted to the cloud.
Dependence and reliance on remote access and communications increased dramatically overnight. All these changes have brought new cybersecurity challenges and risks.
Yet the situation is hardly a precedent. Cybersecurity has captured the headlines and been a focus for governments, organisations and business for years. Back in 2007, researchers at the University of Maryland conducted a study on threat activity and concluded that hackers across the globe were launching attacks every 39 seconds. Thirteen years later this figure is even higher.
So, what can we expect on the cybersecurity front for the rest of 2020? How can organisations and businesses prepare for the new tomorrow? What challenges and attack types should they be ready for?
It is important to understand that with cyberattacks, the size of the organisation does not matter. According to the 2019 Verizon Data Breach Investigations Report, 43% of all breaches involved small businesses.
Following a review of cybersecurity threats that potentially target businesses, my company has compiled a list of the types we are most likely to see over the next year.
• Attacks on remote worker environment and endpoint security – Remote workspace and endpoint security is one of the top concerns of CISOs today. Remote workers often work with minimal security, missing out on the layered and sophisticated cybersecurity defences that the corporate office provides.
In addition, most end-users are not cybersecurity savvy and lack the assistance of office InfoSec support. So, they often miss the signs that indicate potential phishing attacks, common cybersecurity threats or an indication of compromise.
• Phishing attacks – Since the pandemic struck, phishing has increased 600% while nearly 78% of cyber espionage incidents in 2019 were related to phishing. Cybercriminals generally use phishing to steal employee usernames and passwords which enable attackers to masquerade as a legitimate employee and manoeuvre undetected through a company’s networks – either on-premises or cloud.
Attackers can steal data, plant malware or conduct other harmful actions without detection. They may use stolen corporate credentials themselves or sell the credentials to other threat actors.
In 2020, phishing attack numbers will continue to rise, with attempts now being launched through cloud applications, in addition to traditional emails. The implicit trust users have in their corporate cloud environments will inadvertently leave them more vulnerable to phishing tactics.
• Ransomware – 65% of global organisations reported a ransomware infection in 2019. In March 2020, ransomware attacks increased 148% according to VMware. Victims of the 11 biggest ransomware attacks (so far) have spent over US$144 million on ransomware clean-up costs, ranging from investigation to recovery, to added prevention and paying hackers ransoms.
Ransomware is pervasive because it is so effective and provides a relatively easy path for attackers, to achieve devastating effects. Ransomware kits are cheap and readily available on the dark web.
• Cloud Jacking – COVID-19 has accelerated Digital Transformation, notably with many organisations increasing cloud adoption and shifting more and more services and workloads into the cloud. The massive volumes of data being stored in the cloud make it top target for malicious actors.
While cloud computing and cloud storage often offer better security than on-premises solutions, organisations can’t assume that all data stored in the cloud is safe. Hackers have infiltrated cloud computing infrastructure and stolen data on many occasions. For example, the Capital One breach resulted in 106 million records being exposed.
In 2020 and beyond, attacks on cloud-based architectures will continue to rise. Misconfiguration will be the main reason for majority of the incidents according to the Sophos 2020 Threat Report. Another report from Trend Micro predicts that code injection attacks, either directly to the code or through a third-party library, will be used against cloud platforms.
• Mobile Malware – Mobile devices such as smart phones and tablets are now essential business tools. For many users they are the primary way of both communicating and doing business, and the volume of personal and corporate data stored on mobile devices increases daily.
In 2019, nearly 75% of people in the UK used their mobile devices for online banking. In March 2020, Juniper Research predicted that digital banking in the US would grow by 54% between now and 2024, as millennials and other younger consumers abandon traditional banking for digital and online banking.
As more critical and sensitive tasks are performed on smartphones, it is only a matter of time before mobile malware emerges as one of the most prominent cybersecurity concerns.
• IoT devices – It is estimated that by 2025 more than 75 billion IoT devices will be connected to the web. A Fortune Business report indicates that the IoT market is likely to grow to US$1.1 trillion by 2026.
Many of these devices lack sufficient cybersecurity protection, mainly because costs are too high for manufacturers to build in security measures at the device level. Cyberattacks targeting IoT devices could cost the US, an early IoT adopter, a staggering US$8.8 billion a year, according to the Irdeto Global Connected Industries cybersecurity survey.
The wide proliferation of IoT devices will entice a large number of complex cybersecurity threats. These can have devastating effects with dire consequences since many of the devices targeted will be used in healthcare, industrial and critical infrastructure systems.
• 5G – Operators and services providers continue 5G deployments globally with minimal or no impact from COVID-19. The 5G network faces security challenges brought by new services, architectures and technologies, as well as higher security and user privacy protection requirements.
With a large number of devices, high-connection speeds, low latency, large quantities of data and information, new services and architectures, comes an increase in the network attack surface and increased risk of an attack.
Attackers will have more potential entry points to exploit as they try to enter the 5G network to inflict damage: data extraction, unauthorised configurations, unauthorised data modifications and service disruptions to name just a few.
The impact of 5G security will likely be greater. Lateral or vertical movement of hackers within and across networks is not a new concept, but since 5G is centered on connectivity, high speeds and massive data, the potential consequences are magnified.
A successful attack could cause massive damage and deal a crippling blow for government, critical infrastructure, individual businesses and individuals.
The list discussed is far from complete. Several other serious security risks and threats need to be considered, such as insider threats, applications and data security threats, misconfiguration and denial of services.