The tumultuous events of 2020 shifted our lives even further online impacting the way we live, work and play. Against this backdrop, cybercriminals began to capitalise on our increasing digital reliance, with a study by Forrester Consulting commissioned by Tenable showing that 44% of business-impacting attacks came in the form of Covid-19 phishing incidents. This trend will only continue into 2021, as cybercriminals learn and evolve their tactics.
As organisations look into the proverbial crystal ball for what 2021 will look like, there are several key areas that will need to be considered by business and security leaders in order to stay secure.
Cybercriminals will look to grab a bigger piece of the PII
Nearly every interaction we had for months on end took place virtually – from telemedicine to graduations and collaborating with colleagues. Undoubtedly, an enormous amount of personally identifiable information (PII) and sensitive information were shared, used and stored online. While PII has always been attractive to cybercriminals, the events of 2020 have given attackers more avenues to access it.
With Australian organisations establishing new hybrid working models, the opportunities for attackers to gain access to PII will increase. Therefore, it’s essential for business and security leaders to prioritise privacy and security to protect their employees and their business.
Establish zero-trust network models
Until March this year, many organisations kept their IT operations and systems safely behind well-designed and carefully managed security infrastructures. The pandemic accelerated the move towards hybrid working models. As part of this new work order, employees will continue working from untrusted and unmanaged personal networks, as well as use a range of personal and company-owned devices.
This will lead to zero-trust models becoming the norm. With the notion that no one or device is trusted by default, IT end-points must be self-reliant. Business leaders can use zero-trust to ensure that endpoints are free of vulnerabilities and can defend themselves against attacks.
Active directory management tools are also useful. They ensure privileged access and user permissions are controlled at all times, as well as boosting efficiency by eliminating manual processes.
Accelerate cloud protections
2020 has seen a massive acceleration in migration towards cloud-based applications and Software-as-a-Service. A recent study from McKinsey & Company found that it took just 23.2 days to increase migration of assets to the cloud – prior to the pandemic, this would have taken 547 days. This migration will continue well into 2021 and organisations need to put greater security controls in place, to build a cloud fortress.
Although cloud vendors are responsible for maintaining the security of the overall application, it is up to business leaders to ensure that the settings for their organisations are correctly configured and maintained for the specific requirements of their businesses.
The opportunities and risks that come with 5G
In the new year, 5G will bring Australians boundless opportunities as it gives us new ways to connect and elevates the standard for securing disparate infrastructure. Wide adoption combined with increased network speed and reach will also mean a successful attack may ripple through systems more rapidly.
As more devices are brought online than ever before, there will be more convergence among IT and operational technology. With data continuously flowing through potentially vulnerable 5G infrastructure, business leaders will need to learn lessons from cloud adoption and embrace a shared risk responsibility to close the cyber exposure gap and avoid creating an advantage for attackers. Business leaders and service providers will need to lock arms to prioritise security measures and build an ecosystem of trusted vendors to combat new and emerging threats.
A new world to navigate
As tentative steps towards life post-COVID are taken in Australia, it’s critical that business leaders not forget the lessons we were forced to learn in the height of the pandemic. While the benefits of new and innovative technologies make both our business and personal lives easier, the importance of maintaining a high standard for cybersecurity remains. Business leaders must continue to remain vigilant to protect themselves, their employees and their business.
Scott McKinnel, ANZ Country Manager, Tenable