Cybercriminals continue to evolve, as they look to take advantage of business changes due to the global pandemic. Most people and organisations hoped that things would go back to normal, just a few months after the first lockdowns started to occur all over the world, but unfortunately, that wasn’t the case. As we’ve witnessed this pandemic drag on for another year, we’ve also seen an increase in the number of cybersecurity attacks aimed at companies and individuals alike. Below are 8 of the top cybersecurity predictions, for this year.
Patch Management Vulnerability
Patch management is basically a description of the process of applying and distributing updates to applications. These patches are administered out of necessity, typically to plug known security vulnerabilities. As a result, patch management must be maintained continuously to safeguard an application during its life cycle. Meanwhile, hackers are on the lookout for venerable software that they can exploit. When you mix standardization with patch management, you ensure a process that is predictable and repeatable, one that minimises resources, time and threats.
The Internet Becoming an Even Larger Interconnected Service Factory
One thing that is obvious, is our shift towards APIs for web applications, with many organizations taking different services and positioning them in various interconnected clouds. This is essentially the start of a whole host of interconnected services, from central clouds to the edge, essentially creating a fully fleshed out hierarchy. One of the main threats of this developments is that the whole system can be impacted from just a single component failure. When you centralise, such in the case of cloud providers like Amazon Web Services, this increases the chances of large scale outages. So we can expect to see more of this in the near future.
Security Operations Centres as a Service
A security operations centre (SOC) has the sole task of providing real-time detection, monitoring and response. The vast majority of companies that want to protect themselves from cybercriminals, will lack the necessary resources to actually create their own internet SOC, instead opting for a SOC as a service, which they’ll usually have to pay a monthly subscription to maintain.
Ransomware Attacks on the Rise
We can expect the sophistication and scale of ransomware attacks to grow and become more prominent throughout the year.
We have already witnessed an increased number of attacks on market sectors previously untapped, such as the health sector. The kind of damage these ransomware attacks is causing has also changing. We are seeing that many of these extortionists look to release the content that they steal to the public domain, rather than simply lock away, in the event that a ransom is not paid.
To make matters worse, we are also seeing a greater amount of AI use in these ransomware attacks, as cybercriminals look at launching more sophisticated and coordinated attacks, in order to get around detection software. However, despite AI presenting itself as a part of the problem, it’s also able to provide part of the solution, as it’s enhanced in such a way to be able to better detect and flag such behaviours. Before it leads to an attack.
Fake News Becoming More Prevalent
This is something we’ll need to get used to, as there’s no real solution to it. Many companies, such as Twitter and Facebook have implemented measures such as AI (deep learning), in order to effectively tackle it, however, those technologies are still lacklustre at properly detecting and removing such content. The main problem is that in order for AI to be effective, it must have historical data to draw from. Something, that in many cases, isn’t always available. Because of this, we tend to see quite a great deal of false positives. Unfortunately, although defenders may care about false positives, attacks do not. When one of their fake campaigns is detected, they simply move onto the next one. In the future, artificial intelligence is going to need to improve a great deal, in its ability to deep learn, in order to effectively tackle this problem.
Weak Bring Your Own Device Policies
If a company implements the BYOD (Bring Your Own Device) policy, but is not clear cut about it, it can do more harm than good. Even if a company does have a good BYOD policy, the onus is on the company to ensure it is properly implemented. That employees are properly communicated to, as the company does not want to create more vulnerabilities for themselves. This especially becomes true, when a device is stolen or lost, or when a malicious application is installed or a network is insecure. There are many things to consider, when it comes to BYOD.
Healthcare Organizations Facing Significant Risks
PHI or Protected Health Information, is essentially personal health information that is capable of identifying a person that was either used, created or disclosed during the process of administering healthcare to said person. Such records can go for hundreds of dollars, making them one of the most sought after and typically most targeted.
5G Creating More Potential Vulnerabilities
As we witnessed 5G technology start to mature, with telecommunications companies rolling them out, we can expect new security concerns to unfold, as a result.
Among the many reasons, we can expect these vulnerabilities to occur due to an increase in the number of insecure IoT devices that many manufacturers are now rushing to market. As well as critical national infrastructure not meeting security requirements. We can expect 5G security to remain a global security concern for the next couple of years. The end result will be many enterprises having to revisit their old security strategy, for both untrusted and public mobile networks.
Because of the many opportunities that 5G provides, this is something that many organisations can and will not ignore. With that said, if they must, and they will, implement, they need to be cautious. The best approach would be to adopt a secure-by-design, when looking at different ways they can explore and take full advantage of the 5G network.