By: Nilesh Jain, VP, SEA and India, Trend Micro
When the COVID-19 pandemic hit, organizations had to reckon with this reality – and fast. It has brought to the fore sobering reminders of perennial issues and neglected warnings that have beset cybersecurity for years. How are sectors equipped or prepared for such scenarios? Here are some of our predictions.
- Threat actors will turn home offices into their new criminal hubs
Home networks will also become launch points for threat actors looking to hijack machines and jump to other devices in the same network, aiming to gain a corporate foothold. Malicious actors will either take advantage of installed software or unpatched vulnerabilities — hopping from one remote worker’s machine to another until it finds a suitable target. This chain attack will spread to other users downstream.
Employees who remotely access confidential and critical information (e.g., human resources, sales, and tech support) will also be actively targeted by data-stealing attacks in 2021.
- Contact tracing will have malicious actors directing their attention to users’ gathered data
Rapid access to data could be crucial in fighting the outbreak but easing data privacy measures leads to problems of its own. Big databases, along with hasty implementations, are rich targets for malicious actors looking to compromise collected and possibly retained data. Cybercrime groups can abuse this in different ways, including extracting identity information and selling it in the underground.
- Critical class bugs enter the scene
Critical class bugs can render a platform or site unusable. Vulnerabilities related to Microsoft Teams, as well as SharePoint, Office 365, and Exchange, will be sought after in 2021. Processing potentially sensitive information in these collaboration software platforms will be a major concern for organizations with increased remote workforces, particularly in regulated industries such as financial services and healthcare.
Where does this leave us?
Organizations should focus on creating security-based company policies and an incident response plan that covers the perimeter of their operations. This will harden services, workstations, and corporate data while empowering businesses to work remotely. Refrain from putting implicit trust in assets or user accounts regardless of the location.
An incident response plan will have to outline how an organization would deal with security in a network with discrete machines. Companies should advise work-from-home employees on home router and internet of things (IoT) security, as well as the use of a virtual private network (VPN).
Trend Micro’s security predictions for 2021 reflect our security experts’ research and insights on emerging technologies and security issues. To gain further insight into our 2021 predictions, read our full report here.