The global pandemic of 2020 will definitely be an event to remember. Cybersecurity experts have looked back at what we learned over the past 12 months and come up with some predictions for 2021.
Security trends that appeared due to COVID-19
In 2020, high-level vulnerabilities affecting VPN vendors became widespread, and hackers exploited them in several ways. Depending on the VPN settings, and for those who do not tunnel all traffic, the perimeter now in many cases includes home equipment and involves family members as well. As bandwidth requirements increase for full tunnel deployments, organizations may shift to less secure options because of business necessity and the pace of change.
Another concept that has been completely turned on its head is Bring Your Own Device (BYOD): instead of bringing their own devices to the office, employees are now bringing work devices to their homes. This makes it a lot more difficult to make sure that workers are using their personal network at home for work purposes. Because staff use work programs, such as Office 365, to check personal emails, the risk of data leakage increases a lot, making it a growing concern for 2021 and years to come. So it is important that organizations plan for worst-case scenarios in 2021 and understand their complex attack routes, including insider threats and human error.
Persistent threat trends
2020 was a year of shifting trends, in which ransomware groups figured out how to go unnoticed before infecting enterprise networks, meaning the hacking comes before the spread of malware. Thus, it is important that security awareness becomes the main priority for businesses, which includes preventing users from clicking on malicious links and downloading malware. In addition, fixing known vulnerabilities in old software will help prevent ransomware.
Sadly, it is not the only problem that will evolve in 2021. Another main problem is, of course, phishing in all its forms. As working from home becomes more and more popular, the risk that home workers let their guard down and cause a breach by accidentally clicking a malicious link or email is rising sharply. This makes it easier for hackers to steal data from those who work from home, away from the secure firewalls of the office environment. In 2021, one of the most important goals for many companies will be giving their employees the knowledge they need to identify and fend off phishing threats.
New security trends
COVID-19 has accelerated the move to cloud computing, which had been developing rapidly even before the pandemic. Now that businesses have reaped the benefits of flexibility, agility, and pay-per-use, the pace of cloud adoption will accelerate over the next year. But challenges remain in terms of security, compliance and cost control. With the push towards cloud computing and the availability of enormous compute power, attacks that compromise cloud instances are expected to speed up in 2021.
Application threats will continue to be the main external source of attacks, leading more organizations to adopt DevSecOps. eLearning for development teams will become increasingly popular and an essential component of a secure SDLC. Looking at the various bug bounty programs since 2020, almost all of the risks reported and rewarded were from apps. Understanding the attack surface of your web applications will be key to preventing vulnerabilities and subsequent data breaches.
The security skills gap has been a major challenge for years, and the need for skilled security resources has been worsened by the pandemic. We will see a growing trend to outsource security operations to Managed Security Service Providers (MSSPs) as a way to save time and fill skill gaps, especially for vulnerability management and security monitoring.