As happy as some of us might be to watch 2020 disappearing into the rearview mirror, we should first indulge in our annual look back to see what cybersecurity trends emerged. By learning from what worked and what didn’t, we can learn much about where things go from here.
“Putting aside all the horrific aspects of the pandemic, there were also some bright spots,” says Minneapolis-based cybersecurity specialist Rich Patterson. “Those bright spots were that so many advances and innovations came out of the adversity, and these innovations will be with us for a long time.”
Patterson says the distinguishing factor of pandemic innovations was their speed and this pace of innovation will have cybersecurity implications.
“Think about it: businesses and organizations were literally forced to reinvent themselves overnight. Vaccines were developed faster than ever. Remote learning infrastructure was created from scratch,” lists Patterson. These advances were happening anyway, but incrementally and slowly.
In addition to Patterson, Smarter MSP reached out to a variety of voices in cybersecurity and came up with this list of highlights and lowlights for 2020.
Work from home
The most significant impact of COVID-19 in 2020 was that while some businesses shut down entirely, many just moved to home (or remote). Cybersecurity specialists had to keep up with the sudden proliferation of home offices.
Almost overnight, instead of protecting one network on one campus, MSPs and others were forced to defend hundreds or thousands of individual sites, all with their vulnerabilities. Suddenly, baby monitors and IoT refrigerators became potential portals for hackers.
2020 will not soon be forgotten by anyone, but by remembering the #cybersecurity aspects and lessons learned, #MSPs can be prepared for whatever 2021 throws their way. #NewYear
“One of the good things that came from the work-from-home movement is the adoption of VPN technology. VPNs were gaining in popularity anyway, but they really took off during the pandemic, and that was good for cybersecurity,” noted Patterson.
School from home
Home-schooling took on a whole new meaning in 2020. Schools across the world shuttered, and suddenly, students found themselves taking tests online and trying to interpret Beowulf virtually. Student data once comfortably squirreled away on impenetrable campus networks were made potentially more vulnerable.
“I saw many creative cybersecurity solutions being implemented on cyber campuses. This was a win for MSPs,” stated Patterson.
Zoom from home
Suddenly, “Zoom” became a household term, and people were videoconferencing from their kitchen tables, walk-in closets, or living room sofas. The sudden immersion in videoconferencing may hasten the business trip’s demise as people realize they can get a lot done online.
But it also introduced cybersecurity dangers. People who didn’t activate security features sometimes found unwanted visitors in their meetings. MSPs will have to include secure video technology in service packages.
“What 2020 proved is that no matter how tough things get, cybercriminals are not going to go away; in fact, they’ll use chaos as cover to try to extort and extract,” predicts Patterson.
Hackers used COVID, racial unrest, stimulus payments, and the election to social engineer their way into peoples’ lives.
When specific topics dominate the headlines like they did in 2020, hackers get busier with their #phishing attacks. #CyberSecurity
“They do it because it works, so expect more of it. When news dominates the headlines, hackers get busier,” warns Patterson. In 2020 phishing evolved and innovated, providing its going to be around for the long-haul.
Traditionally, ransomware has involved hackers locking up an enterprise’s systems until someone pays the ransom and then releasing the data. But hackers are increasingly turning to blackmail and drip-drip-dripping information out there as a form of extortion.
And it works! That’s why ransomware attacks in the United States were up over 100 percent in 2020. Data has become currency, and hackers are perfectly willing to collect it and spend it.
For the first time, we’ve seen the arrival of deep-fakes as part of the portfolio of hackers. Video and audio, aided by AI, can be so realistic it seems indistinguishable from reality. And the outcome can be chilling.
The Wall Street Journal reported this at year’s end:
A scam involving an audio call to a CEO of a U.K. based energy company succeeded in extracting approximately $243,000 from the firm. The voice was enabled by artificial intelligence to sound real to the victim, who he believed he was speaking with his superior at the parent company.
The man was directed to make an urgent transfer of funds to a supplier of the firm. Follow up calls made the victim suspicious, so he declined to send more funds.
“This is scary because you’ve always been able to at least rely on the old-fashioned face to face visiting or at least voice-to-voice calls to verify, but if hackers succeed in creating an alternate reality complete with almost flawless voice mimicry, the results could be devastating,” warns Patterson.
2020 will not soon be forgotten by anyone, but by remembering the cybersecurity aspects and lessons learned, MSPs can be prepared for whatever 2021 throws their way. Next week, we’ll look at the prognosticators’ predictions.
Photo: Tharin kaewkanya / Shutterstock