Few would contest that the early months of 2020 saw organisations scrambling to get operations back to some normalcy. According to Statista for example, the number of employees working remotely peaked at 54% between April 24 to May 1 climbing from 25% by September. The 25% for the week of 25 September is still more than double the figures on 25 February which stood at 11%.
Not surprisingly cyber criminals saw an opportunity with the apparent unreadiness of many businesses, especially small and medium enterprises, for the mass shift to remote work. Verizon reported that a 58% increase in breaches in the healthcare industry.
FutureCIO spoke to Kumar Ritesh, CEO and founder at CYFIRMA, for an update on the cybersecurity landscape in Asia in 2021.
What was the biggest cybersecurity challenge for organizations that shifted to remote working this year?
Kumar Ritesh: Hackers have discovered, very quickly, that it is easy as well as lucrative to target employees working from home. Without the protection of the corporate network, remote workers remain vulnerable to social engineering tactics, phishing campaigns, VPN weakness, and porous home networks.
Cyber criminals now have a direct conduit into homes and devices. By capitalizing on people’s fear and anxiety, cybercriminals have been able to profit from scams, vaccine hoaxes, misinformation, and exploiting vulnerabilities.
The biggest challenge for businesses would be to urgently modify systems and processes to address access controls, intrusion detection, data management, and bringing cybersecurity awareness education to employees.
What were some notable shifts in the cybersecurity landscape this year that you did not see coming?
Kumar Ritesh: The cybersecurity landscape this year has been most interesting. Hackers have always targeted vulnerabilities in systems and software to access prized data and assets.
With the pandemic, threat actors have shifted their attack vectors to people and their weak IT configuration in their home environment. Here we refer to how remote workers have been tricked into releasing credentials and other sensitive information through social engineering tactics. Also, how hackers have exploited weak systems to install malware to steal sensitive corporate information.
This presents many new attack surfaces and digital risk which were never seen previously.
What are you expecting from threat actors next year? What do you think are some of the key targets that they will be setting their sights on?
Kumar Ritesh: 2021 will see the influx of new threat actors. Traditionally, cyberwarfare has been carried out by influential states. In 2020, we observed developing nations building cyber warfare capabilities and getting into the game of hacking to steal intellectual property to advance national interests.
State-sponsored cybercriminals are now actively involved in corporate espionage with competing nations, and at the same time, we are also witnessing the emergence of ‘hackers-for-hire’ where newly unemployed IT professionals are applying their tech skills to earn a quick buck.
Be it nation-state actors or opportunistic hackers, we expect financial services, manufacturing, and healthcare industries to continue being attractive targets for cybercriminals.
How important will digital risks be for CIOs in 2021? What will change from this year, in the next?
Kumar Ritesh: In the new ‘digital normal’, traditional perimeter defence is no match against the influx of cyber threats coming from all directions. Many businesses do not have a clear view of their attack surfaces, and even less understanding of their digital risk. We see several new developments which will impact the cyber landscape in 2021.
Geopolitical competition and alignment with superpowers will continue to magnify fault lines – US-Russia distrust, South China Sea and its claimants, China-India conflict, North and South Korean skirmishes. Nations-sponsored threat actors will drive the political agenda of their state masters leading to an increase in both volume and intensity of cyberattacks.
Remote workers coupled with legacy security set-up will continue to expand an organization’s attack surface in 2021. Cybercriminals have evolved their attack tactics to exploit remote workers who are the easiest and most vulnerable entry points into organizations.
This trend will continue given that many organizations continue to use legacy approach and security architecture, for example, VPNs and RDP, as enablers for remote working.
With zero-trust framework still not widely adopted, an increase in attacks is expected, with the ability to cause operational disruption, brand damage and financial repercussions.
Cybercriminals will escalate their ransomware attacks using three-phased modus operandi where they would infiltrate the network, exfiltrate and encrypt data, and demand ransom while threatening to ‘name-and-shame’ victims on public sites.
Ransomware-as-a-service (RaaS) will see an uptick where low-skilled hackers are able to rent ransomware code, customize it, and deploy in real-world attacks.
The emergence of deep fake technology presents a new risk to many organizations. The technology enables threat actors to disguise their identities and masquerade as politicians, celebrities, and authority figures. Hackers will leverage this technology to imitate faces and voices to extract not just data and assets, but also to influence perception and user behaviour.
The pandemic has brought on an onslaught of devices such as temperature screening, facial recognition, contact tracing, and location-tracking systems. These equipment collect important behavioural data that can be monetized to manipulate populations and communities. In 2021, corporate espionage will include theft of behavioural data as business rivals attempt to out-do one another.
What are three things businesses can do to prepare for an increasingly sophisticated cyber landscape in the new year?
Kumar Ritesh: Build basic level of cyber hygiene by focusing on 4 pillars - people, technology, process, and governance.
- Train employees on how to recognize cyber threats and risks, particularly social engineering tactics
- Incorporate layered defence approach by having data and endpoint security, and gateway-based security solution
- Use reputable anti-virus, web control, data loss protection and VPN solutions
- Perform threat profiling, creation of threat segmentation, zoning and risks containerization
- Design data management and protection processes where critical data is encrypted and vaulted with an air-gapped solution
- Ensure critical data is backed-up regularly with RTO (recovery time objective) and RPO (recovery point objective) clearly defined
- Incorporate a digital risk discovery and cyber-intelligence program to identify threats early and pre-empt impending attacks