ALPS blog

Safety 2021: In the sign of changing work processes

By Trend Micro Research

As the end of the year approaches, organisations need to shift their focus for 2021 to strategies in key areas. In response to the Covid 19 pandemic, organisations have been forced to rethink their operational and security processes – from business functions and cloud migrations to teleworking support. These current threats, along with constant security risks, have not only challenged companies in 2020, but also raised questions about their vulnerability to disruption. Trend Micro has set out the trends and predictions for 2021 that security professionals and decision makers should keep in mind when considering.

Home offices as a criminal hub

As home office work becomes the norm, homes will be transformed into offices for the foreseeable future. More and more employees are using devices (some even personal ones) to access confidential data on home and corporate networks. This poses a significant risk to any organisation because without secured access and robust security tools protecting the distributed attack surface, threat actors can easily hack into networks and jump from one machine to another until they find a suitable target.

In 2020, the shift to distributed work also rebalanced the use of devices and software. Cybercriminals follow users and take advantage of the users’ situation and behaviour in their attacks. They are always on the lookout for security vulnerabilities and mercilessly exploit the weaknesses, lack of preparation or poor security support of remote workers.

Routers will be prime targets for remote attacks. Cybercriminals can offer hacked routers as a new service, selling access to lucrative networks. Security researchers assume that it is also possible to apply the same methods to converged IT/OT networks.

Dealing with valuable corporate assets will also be a challenge in 2021, as organisations will need to fend off intrusion attempts and malware infections and secure all sensitive information. Virtual private networks (VPNs) allow secure connections to workstations, but if they are outdated (or have unpatched vulnerabilities that could trigger remote attacks), they prove inefficient and a weak link for many organisations. Without detailed security policies and incident response plans in place, attackers can target remote workers as ideal entry points into corporate ecosystems.

Covid-19 as bait for malicious campaigns

Cybercriminals have been quick to use the problems caused by the pandemic to launch their attacks, including phishing and ransomware. They rely on social engineering tactics to spread spam, business email compromise (BEC), malware and malicious domains.

Threats will continue to try to gain a foothold in target systems. And there is no shortage of threats that cybercriminals can use in conjunction with Covid-19 to do so. They will also turn their attention to tests, treatments and vaccines, and exploit the fears associated with the Corona virus through misinformation. Healthcare organisations, as well as pharmaceutical companies developing vaccines, will also be further pressured. Threat actors can compromise patient data, launch malware attacks or facilitate medical espionage.

Digital transformation may become a double-edged sword

The business disruption caused by the pandemic has spurred many companies to accelerate their digital transformation programmes. From a technology perspective, this comes in handy in solving current needs that cloud-based software can fulfil. Many have advanced connectivity among employees, embraced AI-enabled applications for business productivity and increased use of the cloud to become more agile and scale better.

But those who hastily moved away from on-premise environments without having appropriate security solutions for the new environments will be in trouble. The increased trend in cloud environments and tools for collaboration will be very attractive to attackers. And researchers but also threat actors will focus on vulnerabilities regarding remote working technologies. The “cloud of logs” that companies create and store will also play a central role for professional cybercriminals. They will look for and use valuable data there to find initial access points to networks.
The emerging changes in the threat.

Handling valuable corporate assets will also be a challenge in 2021, as organisations will need to fend off intrusion attempts and malware infections and secure all sensitive information. Virtual private networks (VPNs) allow secure connections to workstations, but if they are outdated (or have unpatched vulnerabilities that could trigger remote attacks), they prove inefficient and a weak link for many organisations. Without detailed security policies and incident response plans in place, attackers can target remote workers as ideal entry points into corporate ecosystems.

Covid-19 as bait for malicious campaigns

Cybercriminals have been quick to use the problems caused by the pandemic to launch their attacks, including phishing and ransomware. They rely on social engineering tactics to spread spam, business email compromise (BEC), malware and malicious domains.

Threats will continue to try to gain a foothold in target systems. And there is no shortage of threats that cybercriminals can use in conjunction with Covid-19 to do so. They will also turn their attention to tests, treatments and vaccines, and exploit the fears associated with the Corona virus through misinformation. Healthcare organisations, as well as pharmaceutical companies developing vaccines, will also be further pressured. Threat actors can compromise patient data, launch malware attacks or facilitate medical espionage.

Digital transformation may become a double-edged sword

The business disruption caused by the pandemic has spurred many companies to accelerate their digital transformation programmes. From a technology perspective, this comes in handy in solving current needs that cloud-based software can fulfil. Many have advanced connectivity among employees, embraced AI-enabled applications for business productivity and increased use of the cloud to become more agile and scale better.

But those who hastily moved away from on-premise environments without having appropriate security solutions for the new environments will be in trouble. The increased trend in cloud environments and tools for collaboration will be very attractive to attackers. And researchers but also threat actors will focus on vulnerabilities regarding remote working technologies. The “cloud of logs” that companies create and store will also play a central role for professional cybercriminals. They will look for and use valuable data there to find initial access points to networks.

The emerging changes in the threat landscape should not deter organisations from implementing new technologies and facing the current reality. Threat actors will try to exploit the situation, regardless of the current landscape. With appropriate security strategies and solutions, organisations can reap all the benefits of digital transformation without putting themselves at significant risk.

Interested parties can find the full report with predictions on key security trends here: “Turning the Tide: Trend Micro Security Predictions for 2021“.

Share on facebook
Facebook
Share on twitter
Twitter
Share on linkedin
LinkedIn

Featured News