The consumer hop: With so many working from home, the weak point becomes what else could act as a bridge to the secured business device. Many homes may have between 20 and 50 things connecting to home Wi-Fi hubs, with the increase in smart home devices, including doorbells, TVs, digital assistants, as well as a plethora of family phones, tablets, wearables, and computers. Our recent IoT security research report found more non-business devices are coming onto networks, with everything from connected teddy bears to medical devices and electric vehicles now needing to be secured alongside business IoT. We’ve also seen security policies being relaxed with the need to allow staff to use their devices at home, for example, enabling USB ports to allow home screens and printers, or other requirements. All of this means the end device and those things around it become bigger risks of access into a business’s critical systems and information.
Investment fraud increases: Be it small business or consumers, so many are finding times incredibly tough financially during the COVID-19 crisis. Cybercriminals sadly prey on such circumstances, and in times of desperate need, people are more susceptible to click on scams in the hope that the offer of loans, payment holidays, and other financial opportunities that we would, in hindsight, recognise as too good to be true. So much of cybercrime succeeds through psychology; where there’s an emotional need, cybercriminals will exploit it.
Criminals target new or modified touchless processes: As we’re looking to reduce our risk of infection in every aspect of life, we’re seeing increases in contactless payment limits, but also other methods, such as QR codes, being used to reduce points of touch. Our Unit 42 threat intelligence team has uncovered examples of QR codes being exploited, and seen increasing discussions and tutorials on how to abuse QR codes in underground forums. We should expect to see criminals continue to focus on immature contactless processes or changes to mature trusted ones where criminals can either intercept financial transactions or compromise systems to gain identity or other personal information.
Employee fatigue: Working from home means many of us are now living online for between 10 and 12 hours a day, getting very little respite with no gaps between meetings and no longer having a commute. We’ll see more human errors causing cybersecurity issues purely driven by employee fatigue or complacency. This means businesses need to think about a whole new level of IT security education programme. This includes ensuring people step away and take a break, with training to recognise signs of fatigue. When you make a cybersecurity mistake at the office, it’s easy to go down and speak to a friendly member of your IT security team. This is so much harder to do at home now without direct access to your usual go-to person, and it requires far more confidence to confess. Businesses need to take this human error factor into consideration and ensure consistent edge security no matter what the connection. You can no longer just assume that because core business apps are routing back through the corporate VPN that all is as it should be.
5G and edge computing could catch some napping: With the debates on which hardware can be used where, and of course, all the other challenges we have faced in 2020, 5G, edge computing and, to some degree, IoT have not been at the forefront of businesses’ minds. Yet in the background, huge investments are being made for 5G’s deployment, and due to the delays, when it happens, expect the ramp-up to be faster. 2021 will be the year we see cybercriminals really probe these spaces to see the art of the possible, as by 2022, more than a third of operators will have 5G networks in place in Europe, according to survey data from Enea. What’s more, with the changing working environment, expect to see private 5G networks springing up to enable collaboration spots for staff in redesigned office working spaces.
Rush to the cloud; security playing catch up: Most companies in Europe had plans to move key business processes to the cloud over the next few years, but with the onset of the pandemic, this became the next few months. Rather than taking the time to recodify processes, an intermediary lift and shift step was added: the quick move. While the process may still be the same, the environment and security changes. Businesses, in 2021, are already planning stage two: recodifying to gain the real advantages of agility from the cloud, while security teams are still fixing the issues from the intermediary shift. This continuing migration at pace will lead to security gaps, and we’re likely to see more cloud security incidents until the shifts are completed and stability resumes, at least for a while.
SOC teams struggle with a new working environment and increased workloads: As many businesses look to reduce costs, one natural solution is to accelerate the digitisation of processes. This means evermore cybersecurity telemetry coming back to the security operations centre (SOC). Add to this the shift we’ve already seen in telemetry as employees work remotely and an increase from more new collaboration tools and cloud processes. Many SOC teams had also been used to using multiple screens for big data analytics, and regular team huddles to discuss complex issues; so the shift to work from home, often with one screen, has been tough for some. The teams keeping up will be the ones taking a data-driven ML/AI-based platform approach, helping them to be proactive against attackers trying to out-innovate them.
Shadow IT in OT intensifies: As the digitisation of Operational Technologies (OT) accelerates, mostly bound by legacy OT systems and IoT, finding and stopping shadow IT will continue to be a challenge. The energy industry is expanding the usage of IoT sensors and the identification, classification, and protection will take precedence albeit using concepts like Zero Trust to reduce the risk of breaches or sabotage. SOCs are merging between IT, OT and IIoT. Some did this a few years ago, but as more Energy/Utilities deploy IoT, IIoT and OT than ever, many more will need to consider, post COVID-19, merging their SOCs.
Cybercriminals love current affairs: Cybercriminals will always flock to exploit the latest global trend or news item. We’ve seen this throughout 2020 around the pandemic with widespread use of virus-related themes, such as COVID-19-themed business email compromise campaigns, and on average 1,767 high-risk or malicious COVID-19-themed domain names being created every day. With the Brexit transition period ending December 31, there will be a flurry of news as well as a desire for information on how it impacts both our personal and business lives. From December into 2021, we have to expect to see scams, misinformation, and attacks leveraging what is such a significant change not just for UK residents but many across the EU too. We might see fake websites springing up around the forms that businesses will need to complete to hire employees from the EU, for example. Brexit will also mean that so many business processes will have to change (e.g., applying for more export licences). There will be a big rush to do this, and we’re likely to see mistakes along the way, which could open up unnecessary risks and further opportunities for cybercriminals.
Commenting on the 2021 cybersecurity predications, Haider Pasha, Chief Security Officer at Palo Alto Networks, Middle East and Africa (MEA), said: “The year 2020 coupled with the global pandemic altered many aspects of life for organisations and individuals in unprecedented ways, including the way we work, live, and do business in the Middle East. In the upcoming year, technological advances including the growth of 5G networks, cloud, edge computing and touchless interfaces will give rise to new types of security vulnerabilities and threats. However, with the right cybersecurity strategies in place, IT heads in the Middle East are well equipped to cover all the bases and overcome the next set of challenges in 2021.”