Post-pandemic predictions for 2020
With the nation starting to open up again this week, companies are beginning to look at trends for the second half of 2020 beyond the pandemic. The following predictions are from data security expert Ilia Sotnikov, Vice President of Product Management at Netwrix. He reports that the rapid transition to remote office has shifted focus away from cybersecurity, enabling threat actors to take advantage of loosened security policies and has led to an increase in cyber-attacks. However, post-pandemic, Sotnikov predicts it will be the following trends that will have the biggest impact:
• Deepfakes will take spoofing to the next level. Emails impersonating C-level management and voice spoofing will continue, but the extensive use of video conferencing for regular communication will lead to a rise in a newer variant of this attack vector: video spoofing. We don’t expect deepfakes to become widespread soon, but AI and neural networks will make them more probable. To withstand this threat, organisations will have to reshape their approval processes, especially for budget and data access. In addition, IT teams will need to increase the accountability of all employees and prevent illegitimate elevation of privileges
• Organisations will move beyond passwords. As people flock to online services, re-use of passwords between services will increase, since users cannot remember dozens of unique passwords and are reluctant to adopt password management tools. To reduce the risk of breaches from compromised credentials, organisations will adopt non-password authentication methods, such as biometric data like fingerprints or eye scans. As the amount of personal data transmitted and stored online increases, organisations will need to implement adaptive risk management programmes and have security in mind every time they implement new services and technologies
• Attacks will go undetected in a flood of false alarms. The abrupt change to remote working has caused many security monitoring solutions to generate far more false positives, since they require time to adapt to the new normal. A similar spike in false alarms will occur when employees return to the office. Hackers will continue to use these turbulent time to launch attacks, knowing that organisations will be blind to their malicious behaviour. IT needs to remain vigilant and find ways to spot and investigate the true threats in all the noise.
• The insider threat will become even more pressing. With many organisations already planning to keep more of their staff working from home, IT teams will have to adapt to a larger remote workforce — which means a lack of control over a greater number of endpoints and network devices. Therefore, organisations need to develop new security strategies based on the zero trust model, including ways to prevent sensitive data from spreading across employee endpoints and cloud collaboration tools.
• Security by design and by default will become the norm. Use of online services — from retailers to social media to productivity tools — has exploded during the pandemic. Unfortunately, many users have little knowledge about cybersecurity threats, which makes them easy targets for online scams. To mitigate risk, organisations should clearly communicate security best practices, but they will also need to build in as many safeguards as possible. Indeed, every organisation offering online services will be under increased scrutiny to enable strong security and privacy settings by default, and some will use advanced security options as a market differentiator.
“Every crisis forces organisations to scrutinise where they are focusing their resources and efforts. While many IT projects can be suspended, a strong cybersecurity strategy remains vital. Automating cybersecurity tasks enables IT professionals to do more with less while reducing human errors and inconsistencies, which helps the organisation improve productivity, reduce operational expenditures and refocus the talent of their workers on more critical areas,” concludes Sotnikov.
This was posted in Bdaily's Members' News section by Netwrix .