By Ilia Sotnikov, Vice President of Product Management, Netwrix
Lots of pundits are speculating about what effects the COVID-19 pandemic will have on the economy, social behavior, politics, and related topics. Today, however, let’s focus on how the IT threat landscape is likely to evolve. I don’t envision a dramatic shift in the makeup of cybersecurity threats; rather, I predict an acceleration of important trends we have already been battling. Here are the key threats I predict will increase during the global lockdown and beyond.
More remote employees will mean more insider threats.
Remote work is here to stay. Some organizations will stay fully remote while others will make it optional, but all IT teams will have to adapt to the new reality of a larger remote workforce and lack of control over more endpoints and network devices.
From a cybersecurity standpoint, they will have to regard each remote worker as a potential threat, capable of both malicious actions of their own and negligence that opens the door to attackers getting inside the network. Therefore, organizations will have to develop new security strategies that reduce risk to an acceptable level, possibly using a zero-trust model. They will need to pay special attention to the security and privacy of sensitive data, for example, by enforcing measures to prevent this data from spreading across employee endpoints and cloud collaboration tools.
Online scams will increase.
Ecommerce and online services are experiencing massive growth today. Shops that weren’t selling online before were forced to change their business models, and consumers who weren’t shopping online had to learn new skills fast. When the lockdown is over, many consumers will keep this habit —along with their poor knowledge of (and attention to) cyber threats. Hackers will be ready and waiting, eager to commit fraud and steal personal and payment data.
To reduce risk, organizations will have to simplify their cybersecurity practices. In particular, they will need to eliminate complex jargon and antiquated interfaces. The value of clearly communicating security risks to customers and building in as many safeguards as possible will be higher than ever, and organizations need to start working on this as soon as possible. Since solutions will have to be simple and clear about security settings, the value of UI/UX will grow. Online services — from retailers to social media sites to cloud storage providers — will be under more scrutiny to enable secure settings by default, and some vendors will use advanced security options as a market differentiator.
Spoofing will go to the next level with deepfakes.
Hackers are already experts at sending emails in which they impersonate C-level management and ask employees to transfer money or provide access to sensitive data, and we’ve even started to see voice spoofing. With organizations now relying on video conferencing extensively, we are likely to see more hackers using live deepfakes to spoof video calls. While this is not something that will happen to the majority of organizations tomorrow, AI and neural networks are making deepfake tech not just possible but more widely available and affordable. There are multiple ways this technology could use, including deception using face recognition technologies, and even video-spoofing-as-a-service.
Organizations that will be using video conferencing for regular communication will be vulnerable to this new variant of cybercrime. To protect themselves, they will need to reshape their business processes, especially approval workflows for budget spending and data access. In addition, IT teams will need to increase the accountability of all employees, especially those with admin rights, to prevent illegitimate elevation of privileges.
The number of data breaches will increase.
Enabling employees to be productive from home and maintaining business operations has been a huge stressor for IT teams. The need for them to shift their focus to these priorities is giving hackers plenty of opportunities to hide their malicious activity long enough to cause serious damage. In addition, any AI- or ML-based security monitoring solutions that organizations had in place became useless instantly, since the dramatic changes in user activity patterns generated vast numbers of false-positive alerts. While this security intelligence and IT routines will adapt to the new normal in time, everything is likely to get crazy again when employees return to the office, and organizations will again be blind to suspicious activity that could lead to breaches until the solutions and IT teams can adopt again.
Indeed, almost all organizations are more vulnerable now than they were before mid-March. While the full impact is hard to predict now, we should expect a large number of reports of breaches from the start of the work-from-home trend and potentially lasting through 2021. To avoid being among the victims, organizations need a solid plan for addressing data privacy and security risks both now and when the remote working situation shifts again.
Organizations will move beyond passwords.
Password authentication is perhaps the weakest link in cybersecurity. The increased use of online services is forcing users to create new accounts, each with its own password. Faced with the challenge of remembering more and more complex passwords, users resort to reusing one or two passwords. This increases the risk of data breaches since credentials stolen from one organization become available on the dark web, and hackers to attempt to use them against other companies.
As a result, organizations will likely start adopting non-password authentication methods, such as biometric data like fingerprints or eye scans. This trend could increase the amount of personal data transmitted and stored online, as more organizations will be collecting biometric data for authentication. And of course, attackers will be looking for techniques to circumvent or hack any new authentication strategies, and it’s impossible to predict what they will come up with. Therefore, organizations need to have an adaptive risk management program and have security in mind every time they implement new services and technologies.
About the Author
Ilia Sotnikov is an accomplished expert in cybersecurity and IT management. He is Vice President of Product Management at Netwrix, provider of a visibility platform for data security and risk mitigation in hybrid environments. Netwrix is based in Irvine, Calif.