With the business world in a massive state of upheaval, corporate security professionals need to revamp their strategies and tactics to reduce the risks of cyber attacks.
To help them make these changes, I am sharing five more predictions for how the security industry will change over the next year. These five predictions build on the five predictions I provided in a recent post.
Prediction One: Ransomware and Phishing Attacks Will Increase by at least 30-to-50 Percent in Remote Working Arenas
Over the past several years, ransomware and phishing have been widely used by cybercriminals because they’re effective.
During the next 12 months this trend will continue with ransomware and phishing attacks rising by at least 30-to-50 percent in remote working arenas.
According to a Wall Street Journal PRO Research survey of nearly 400 companies, more than two-thirds (78 percent) of companies view ransomware as high risk, but only 70 percent believe they are well prepared to cope with such crimes.
Employees will be more susceptible to phishing emails
While it’s hard to imagine that phishing activity could actually increase, new opportunities (for lack of a better term) like Covid-19, bring about fresh low hanging fruit for the bad actors to prey on. It doesn’t take much, something as simple as sending emails to employees with fake messages such as “click on this link to learn more about the coronavirus.”
According to a CNBC Technology Executive Council report, phishing and other cyber scams are rising by 40 percent in some instances – and could be even higher.
“We’ve definitely seen an uptick in COVID-19 phishing attempts that are making emotional appeals and using the crisis to drive urgency,” said Tom Hale, SurveyMonkey president.
To minimize the damage of these ransomware and phishing attacks, companies should give their employees training in how to spot and avoid them.
Companies that don’t will likely be victimized more often.
Prediction Two: Employees Will be the Weakest Links in Corporate Cyber Security
Shocker, right? No, not really, but like Phishing, this one continues to only get worse and with the work from home environments in play now, it’s game on.
Rogue employees are also going to be a bigger threat to businesses during the next year. According to a Wall Street Journal survey, more than two-thirds (67 percent) are concerned about malicious employees instigating cyber crimes.
Desperate times cause desperate measures.
Security professionals need to make sure employees are well trained in spotting phishing and ransomware schemes. They also need to be vigilant and quick in identifying employees focused on committing cyber crimes against their own companies.
Employees will need to carefully abide by their company’s teleworking security plans and use secure corporate networks.
Security professionals who don’t pay close attention to employees are more likely to get attacked.
Prediction Three: Alternative Password Methods Will Increase by 30-to-50 Percent
Password vulnerabilities are a huge problem. According to an article in Swoopnow.com, security experts claim that 90 percent of passwords are hackable.
Cyber criminals acquire corporate passwords and inflict damage.
Senior management and employees often push back on password policy, but simple changes and short term impact of those, can provide higher risk mitigation, such as…..
More use of two- and three-factor authentication
In the next 12 months, for example, employees will be using two- and three-factor authentication methods to enter their corporate systems.
More companies will stop using passwords
As an alternative strategy, Microsoft and Google are allowing employees to login without passwords using alternative and more secure techniques, according to an article in TechRepublic.
Alternative methods that will increase in the next year will include biometrics and behavioral recognition.
Over the next year, security professionals must invest more in learning about and using alternative authentication methods.
If they don’t, it’s likely their companies will be victimized by more cyber attacks.
Prediction Four: IoT Devices Used by Remote Workers Will Be Attacked More Often By Bad Actors
Internet of Things (IoT) devices used by remote workers, such as smartphones, will be attacked by cyber criminals more this year than in any previous year. This is because workers will be using these devices more often to conduct business.
Home routers and Wi-Fi networks will also be attacked by criminals because they have weaknesses and gaps that criminals can exploit.
Security professionals need to make sure employees are aware of the IoT devices they are using and the need to make them as safe as possible from cyber attacks.
Employees should be advised to turn on security features on each device and use them, and to consistently change default credentials to make it more difficult for hackers to penetrate the devices.
And when the IoT devices are not in use, they should be turned off because criminals can’t hack into them when powered down.
Prediction Five: Cloud Computing Will Be Much More Widely Used by Companies for Remote Working
As more corporate employees work at home over the next year, companies will be moving more of their corporate data onto cloud computing servers.
This remote working trend will accelerate the overall cloud computing market that has already been on a steady upward trajectory. In this year’s first quarter, the market grew at a 37 percent annual rate.
Security professionals should provide secure cloud services so employees don’t have to save anything locally or distribute it to other employees via insecure channels.
Security professionals will need to be much more careful about ensuring that the data their companies are moving to the cloud is secure from hackers.
Employees should have access to an abundance of cloud-based storage capability for the broad range of documents they use so they can work with other employees online over secure networks.
Do you agree with these predictions? Are there others you believe should be added to our list? Feel free to leave us a comment
Patrick Barry is the chief information officer for Rebyc Security based in Charlotte, North Carolina. He can be reached at firstname.lastname@example.org.