The rapid transition to remote office has shifted focus away from cybersecurity, enabling threat actors to take advantage of loosened security policies
Organizations will move beyond passwords and adopt non-password authentication methods, such as biometrics in 2020 and beyond, according to Netwrix’s study, outlining the cybersecurity trends. Although the massive transition to remote work in response to the global pandemic has led to an increase in cyber-attacks, Netwrix experts don’t envision dramatic shifts in the cybersecurity threat landscape. Instead, they identify the following trends that have accelerated and will have the biggest impact on organizations:
The insider threat will become even more pressing
With many organizations already planning to keep more of their staff working from home, IT teams will have to adapt to a larger remote workforce — which means a lack of control over a greater number of endpoints and network devices. Therefore, organizations need to develop new security strategies based on the zero trust model, including ways to prevent sensitive data from spreading across employee endpoints and cloud collaboration tools.
Security by design and by default will become the norm
Use of online services — from retailers to social media to productivity tools — has exploded during the pandemic. Unfortunately, many users have little knowledge about cybersecurity threats, which makes them easy targets for online scams. To mitigate risk, organizations should clearly communicate security best practices, but they will also need to build in as many safeguards as possible. Indeed, every organization offering online services will be under increased scrutiny to enable strong security and privacy settings by default, and some will use advanced security options as a market differentiator.
Deepfakes will take spoofing to the next level
Emails impersonating C-level management and voice spoofing will continue, but the extensive use of video conferencing for regular communication will lead to a rise in a newer variant of this attack vector: video spoofing. We don’t expect deepfakes to become widespread soon, but AI and neural networks will make them more probable. To withstand this threat, organizations will have to reshape their approval processes, especially for budget and data access. In addition, IT teams will need to increase the accountability of all employees and prevent illegitimate elevation of privileges.
Attacks will go undetected in a flood of false alarms
The abrupt change to remote working has caused many security monitoring solutions to generate far more false positives, since they require time to adapt to the new normal. A similar spike in false alarms will occur when employees return to the office. Hackers will continue to use these turbulent times to launch attacks, knowing that organizations will be blind to their malicious behavior. IT needs to remain vigilant and find ways to spot and investigate the true threats in all the noise.
Organizations will move beyond passwords
As people flock to online services, re-use of passwords between services will increase, since users cannot remember dozens of unique passwords and are reluctant to adopt password management tools. To reduce the risk of breaches from compromised credentials, organizations will adopt non-password authentication methods, such as biometric data like fingerprints or eye scans. As the amount of personal data transmitted and stored online increases, organizations will need to implement adaptive risk management programs and have security in mind every time they implement new services and technologies.
“Every crisis forces organizations to scrutinize where they are focusing their resources and efforts. While many IT projects can be suspended, a strong cybersecurity strategy remains vital. Automating cybersecurity tasks enables IT professionals to do more with less while reducing human errors and inconsistencies, which helps the organization improve productivity, reduce operational expenditures and refocus the talent of their workers on more critical areas,” said Ilia Sotnikov, VP of Product Management at Netwrix.