A lot has changed in our personal and professional lives with COVID-19. What hasn’t changed, and in fact may be getting worse, is the threat from hackers and how they are using the chaos and uncertainty of the situation, as well as the resulting change in business models, to their advantage. Many organizations, and even government agencies, have seen a marked increase in malware and ransomware attempts. See how our outlook on 2020 cybersecurity trends has changed and what security preparation you should take as we transition to “new normal.”
It’s fair to say COVID-19 has changed nearly every aspect of our personal and professional lives. From visiting the bank to depositing a check to taking your family out for ice cream, even the most commonplace errands and simple measures have become complicated.
We also think that it’s fair to say that for most organizations the function of network security and InfoSec wouldn’t be described as simple in a normal setting. It’s hard work, requiring a lot of resources in time, tools, and manpower. But as we look towards the “new normal” of a post-COVID-19 workplace, the challenges and cyber security trends we predicted at the start of 2020 will be compounded by unexpected obstacles and rapidly escalating cybersecurity risks.
Let’s examine four fresh cyber security trends for the remainder of 2020 as we prepare for what’s next.
Hackers have found, and will continue to find, new ways to exploit the new normal, fast.
While crimes like automobile theft and home break-ins have declined significantly during the pandemic, the same is far from true when it comes to cybercrime. As we recently covered there is already evidence that hackers have increased phishing emails and other cyber attack attempts to breach the World Health Organization and companies focused on COVID-19 response. Rest assured it’s not to find out how they can help!
The truth is hackers understand that the post-Coronavirus workplace—one where more people and processes must occur remotely—will expose new vulnerabilities and widen an organization’s already broad threat surface. They will look to exploit as many as of these new weaknesses as possible before IT security teams and software providers can catch up. They will not slow down, which means the need for not only complete, but timely and extremely accurate enterprise-wide protection is greater and more urgent than ever.
Changes in infrastructure will alter your cybersecurity demands
In 2019 approximately 43 percent of Americans worked from home occasionally. As of May 1 this year 85 percent of Americans work from home full time. The unexpected and dramatic escalation in a remote workforce has placed undue pressure and exposed vulnerabilities in preparedness for a remote workforce in most organization’s IT security infrastructure, and it’s not likely to change anytime soon. Remote workers will be a defining factor in the new normal of enterprise-wide cyber security.
Why is this? Employees will be relying on home wifi, remote networks, personal mobile devices, and videoconferencing solutions on a daily basis, all of which increase the already sizable challenges, and threat surface, for IT security teams to monitor in order to keep their organization’s network safe and data secure. Some companies are even being forced to allow new hires to use their own devices in lieu of being able to provide a company-issued computer or laptop. These are obstacles no one predicted for this year.
Mobile and IoT security was already a concern and a top priority to address, but it is now mission-critical as organizations come to the realization that they are in this from the long haul. While many employees look forward to someday returning to an office environment, the truth is most employees will remain remote throughout 2020. Some companies, such as Facebook, have announced that employees that can be productive at home can do so indefinitely.
Expect to see cybercrime that comes with a mortality rate
Though it is grim to think about, the stark reality is that hackers are increasingly targeting healthcare organizations with ransomware and similar attacks. In 2019 it was believed that cyberattacks against U.S. hospitals led to an increase in heart attack deaths. While hackers did not technically cause lethal cardiac events in patients, they did inevitably slow treatment times for critical care, delays caused by doctors and nurses adjusting to new IT changes that came after a breach, ransomware attack, or other security incident.
Considering the mounting and unprecedented pressure on healthcare organizations fighting the pandemic, it is fair to say that any cyber attack could have massive implications, including an unforeseen death toll that is equally attributed to cybercrime as it is to Coronavirus.
Be prepared for an even great shortage of cybersecurity professionals
Economic and employment experts are still coming to grips with the impact of Coronavirus and what it will mean for the rest of 2020. What we do know—many organizations have had to make difficult decisions regarding staffing and, as described above, allowing so many employees to work remotely. Some of these decisions may have weakened their cybersecurity preparedness, processes, and response times.
At the same time, organizations looking to ramp up their IT security teams will find that process to be slower and more challenging. Remote placement and onboarding inevitably takes longer, and there continues to be a deep shortage of cybersecurity employees. As top IT security professionals are snatched up by larger organizations with better pay rates, it will be harder to find the right talent to fit your needs. Cyber security expertise will be at a premium.
Cybersecurity tools and processes need to take the lead
For all these reasons, making the right decisions regarding cybersecurity tools and systems are more critical than ever, as you will need your infrastructure to work harder for you. No longer can organizations rely on a mix of disparate systems that primarily monitor only the perimeter of the threat surface as only 20% of intrusions are detected this way. In addition, these tools can no longer function as “dumb” systems, generating volumes of intrusion alerts with no verification or prioritization. Expecting an analyst to inspect them all and make heads and tails of them is ineffective to say the least.
Even though 2020 has taken an unexpected turn, all is not lost. While we didn’t develop our cyber security solutions with a pandemic in mind, we knew that the approach to cybersecurity needed to change. It is for that reason ARIA Cybersecurity solutions are built to work seamlessly with and improve the effectiveness of leading IT security tools such as SIEMs, SOAR and IDS/IPS.
To do this they can be easily dropped into any environment using RESTful APIs and other means. We focus on the internal network, especially the east-west traffic, since this approach closes the many blindspots that are difficult to monitor even with a full team, and improves coverage of the digital attack surface and network threats by as much as 80 percent.
In addition, we leverage AI and machine learning to make threat detection and the disruption of cyber attacks automated and intelligent. By understanding the behaviors of common cyber threats—ransomware, malware, brute intrusions, and more—our solutions identify and verify those patterns, enabling organizations to shut them down before harm is done.
While these revised 2020 cybersecurity trends and predictions are based on what we know right now, a lot can change as we continue to try to understand the long-term impact of COVID-19. But rest assured ARIA Cybersecurity will work with you to achieve the highest level of security preparedness and network protection.
About ARIA Cybersecurity Solutions
ARIA Cybersecurity Solutions recognizes that better, stronger, more effective cybersecurity starts with a smarter approach. Our solutions provide new ways to monitor all internal network traffic, while capturing and feeding the right data to existing security tools to improve threat detection and surgically disrupt intrusions. Customers in a range of industries rely on our solutions each and every day to accelerate incident response, automate breach detection, and protect their most critical assets and applications. With a proven track record supporting the Department of Defense and many intelligence agencies in their war on terror, and an award-winning portfolio of security solutions, ARIA Cybersecurity Solutions is committed to leading the way in cybersecurity success.