Our cybersecurity roundup reflects on the most significant security challenges faced by businesses this year; from digital workplaces and increasingly sophisticated threats, to conspiracy theories and politics – all in the midst of a pandemic.
Expert Insights / Dec 18, 2020 / By Expert Insights
And now, ladies and gentlemen, the moment we’ve all been waiting for – the end of 2020! But just before we hop off the rollercoaster ride that the beginning of the new decade brought us, let’s take some time to reflect on some of the key cybersecurity trends and events of the year.
A Timeline Of Cybercrime
Here’s a quick look at some of the most high-profile attacks that made the headlines this year:
Caitlin Jones: Workplace Migration And Virtual Collaboration
By the end of March this year, almost all countries around the world had implemented some level of lockdown in an attempt to combat COVID-19. Huge numbers of employees began working from home, which led to a surge in digital transformation and cloud migration trends worldwide. Note that the pandemic didn’t cause these shifts – it just accelerated them. Businesses who were already planning their cloud migration had to implement those plans immediately, and those without a migration strategy scrambled to enable their workers to be productive from home.
The unprecedented speed with which businesses had to adapt to a new way of working often meant sacrificing security – favouring the use of unmanaged BYOD devices over secure, corporate-issued ones, for example. Whilst this reduces costs for an organization and enables remote productivity, it also gives bad actors a whole host of unlocked doors that they can use to access sensitive company data. Why? For starters, we don’t normally implement such stringent technical security measures on our personal devices. It’s also harder to spot a phishing email on a mobile than a desktop. And don’t get me started on the dangers of dodgy Wi-Fi connections.
The UEM and UES markets aren’t the only ones to have boomed this year. From board meetings to watercooler chats, Kanban boards to talking sticks, communication and collaboration sit at the heart of every company’s innovation and growth. So it’s no wonder that we’ve seen huge growth in the cloud technology and virtual communication markets. Microsoft Teams currently leads the virtual collab-olution with over 115 million daily active users, followed by Cisco, Google and Slack, and companies are investing increasingly in cloud-based tech that can be accessed from anywhere, rather than clunky datacentre hardware that ties workers to the office.
Jacob Duane: Digital Transformation: Expecting The Unexpected
The past few decades have seen a rapid, disruptive shift towards online work. Infrastructure-as-a-service (IaaS) is dominating and is projected to continue to grow at an eye-watering CAGR of 23.2% until 2027, quintupling the size of the industry. This shift towards IaaS is a major one: it covers a vast surface of the “technology” side of the people, process, and technology triad, a tried and tested framework as old as the internet itself. At this point an organization may have already offloaded the management burden of servers to one of the big three cloud providers to manage infrastructure, posing the question of an organisation’s next step within the triad: people.
A comprehensive study by the British Government found that many organisations did not understand what role they needed to recruit for to achieve not only internal compliance, but to meet the needs of their clients and stakeholders. Such organisations therefore employ for generic fields such as “information security” and “network security”. As organisations scale up, large enterprises develop surprisingly small security teams. One survey showed that organisations of a mean size of 26 000 employed just 18 security personnel; that’s a single security specialist for every 1400 employees. Security needs are too big, too enigmatic, and most importantly, too dynamic to be understood by a small in-house IT team.
The skills gap on the process side is apparent in 2020. With the pandemic, the world is changing at a rate that outpaces most IT teams, who are now shouldering a security strain so high that they have become reactive rather than proactive. Users are no longer protected by an on-premise firewall. Phishing emails have increased by a factor of 6, taking advantage of the Spring confusion, necessitating a strong email gateway and email remediation stack.
Most organizations have responded by retroactively preparing for the pandemic that started Q1 2020, yet the focus instead needs to be on the future, expecting the unexpected ahead of time. Organisations are therefore turning to Cyber Security-as-a-Service (CSaaS), that is, commissioning a highly skilled security team that not only manages a company’s security on their behalf, but also knows exactly which services are required to avoid the all-too-common mistake of bikeshedding. The service provided is proactive and responsive. A company offering a security stack will always be more efficient and bring down cost of ownership, employing the benefits of economies of scale, commissioning specialist experts to manage security proactively, seeking out the most recent threats and preparing their partners accordingly.
Mitchell Gatting: The Introduction Of 5G
5G is the next most significant leap in internet connectivity and speed, promising speeds of up to 10 gigabits per second and minimal latency. That equates to being able to download a two-hour movie in just 3.6 seconds, compared to 4G, which at max, would take 6 minutes. But the promise of 5G’s greater speeds and more reliable connections has been overshadowed by the implementation and security issues that surround it.
In March, the Commons Defense Committee in the United Kingdom announced the formation of a sub-committee to probe the security of 5G networks. Heavily featured in this report was Huawei. The sub-committee determined that, as the 5G networks were deemed Critical National Infrastructure, more research and time were needed before allowing a possible security threat access to this physical infrastructure. Since the release of that report, the U.K. government has published a press release detailing the removal of Huawei parts already built into the network. Included in the press release were three significant changes. First, buying new Huawei 5G telecommunication equipment is banned after Dec. 31st 2021. Don’t worry if you have a Huawei phone, though – they are still allowed to market and sell their devices. Secondly, all Huawei equipment must be removed from 5G networks by the end of 2027. Finally, the existing ban on Huawei from the most sensitive “core” parts of the 5G network, which was up for debate, remains in place. Digital Secretary Oliver Dowden said in a statement to the House of Commons: “By the time of the next election, we will have implemented in law an irreversible path for the complete removal of Huawei equipment from our 5G networks.”
Aside from the physical cybersecurity issues of the 5G infrastructure, there are other 5G risks a bit closer to home. Current 4G technology uses a frequency range of 800MHz to 2600MHz. 5G is a bit more complicated in how the frequency bands are used but, to simplify, 5G has a range of 450 to 6000MHz. With that higher frequency, more masts are needed as the signal doesn’t travel as far.
An optimist might say, “That’s great! Our location services will be much more accurate!”, but a cybersecurity expert would have the opposite opinion. Current technology can use 4G to place your location on a street or at a specific house. Now imagine if your location services could place you in a specific room or even a specific shelf in that room. That is the reality of 5G. If a malicious party or threat actor could get hold of that data, they could easily use it to carry out reconnaissance. Internet of Things devices which also use this data, such as a smart plug, smart fridge or even a smart kettle, would give an incredibly accurate schedule of an individual’s life. Convenience should never compromise security.
Mitchell Gatting: Election Risks And Nation State Attacks
2020 has seen one of the most significant increases in sophisticated cyberattacks. Microsoft recently created a new annual report called the Digital Defense Report to cover new techniques that are being employed by these nation-state actors. In the period leading up to the U.S. election, Microsoft observed that there had been over 200 organizations and high-profile individuals targeted. Thousands of attacks originating from Russia, China and Iran from the prominent Advanced Persistent Threat (APT) groups Strontium, Zirconium and Phosphorus have been determined.
With the increase in APTs, countries are feeling the effect of their influence. Elections are a pivotal point in democracy, one which in recent years has come under threat from APTs and nation-states. There are three methods by which foreign powers can intervene in other elections:
Operations aimed at influencing voters through social media, misinformation and fake news.
Operations aimed at discrediting political parties via targeted hacking of political parties and the release of sensitive materials.
Operations aimed at interfering or manipulating the voting process, such as targeted hacking of voting machines.
Combined with election interference from foreign powers, there are also breaches happening in government departments. SolarWinds reported on Dec. 13th that hackers had introduced malware into a service that delivered security updates for its Orion platform, a suite of products commonly used to track the health of its IT networks by the U.S. federal government and Fortune 500 firms. FireEye said on Tuesday that it was also breached in a nation-state attack intended to obtain data on some of its government clients, but did not specify if the SolarWinds Orion attack compromised its network as one of the organizations.
The actors exploited the software updates of SolarWinds Orion to include malware that, once installed, allowed the hackers to control the systems of their customers, FireEye said. “We have been advised this attack was likely conducted by an outside nation-state and intended to be a narrow, extremely targeted, and manually executed attack, as opposed to a broad, system-wide attack,” SolarWinds said in a statement on its website.
In this breach, Microsoft was also placed under investigation as it was suspected that hackers were “highly sophisticated” and able to deceive the authentication controls of the Microsoft platform. The hackers were able to forge a token in Azure Active Directory (AD) that claims to represent a highly privileged account, the Microsoft Security Research Center wrote in a blog on Sunday. With compromised credentials, the hackers could also acquire administrative Azure AD privileges. Microsoft said this was particularly likely if the account in question is not protected by multi-factor authentication.
Jacob Duane: Businesses Are Investing More In Cyber Protection… But Why?
The answer to this is three-pronged. The first reason is simply that, as the digital world grows, so too does the lucrativeness of a successful hack; the second is the emergence of government-levied fines under regulations such as HIPAA and GDPR; the final prong is the increased creativity of hackers. There have been huge rises in not only the different types of threats, but most importantly, the ever-increasing diversity of the damage that can be done.
The days of physical bank heists are numbered: sophisticated security technologies have greatly decreased the ease with which thieves can gain access to safes and vaults. In the modern day, it is all about clandestine cyber operations to find low-hanging fruit. As discussed, the security operations teams of most companies are not fully aware of the true extent of these threats. It is no longer just about avoiding trade secrets being stolen and patient and client data being sold on the black market. Recent research has shown that it is possible to employ Artificial Intelligence to manipulate CT scans, the AI agent digitally adding and removing tumours at a whim. Such technology is even more troublesome as highly specialised medical equipment is often unpatched and serves as a poorly guarded point of ingress to a company’s data. If a medical system is compromised in this way, in the worst-case scenario all existing scans are rendered immediately useless. In a world of fake news, imagine the damage that could be done if an advanced persistent threat were to make a small tweak to the results of a competitor’s pharmaceutical, or if the medical history of a politician were changed at a strategic moment.
A final motive for the increased investment is reputational. This year many businesses are financially struggling, but their reputation often remains untarnished, which allows for a slow and stable recovery likely on par with their competitors. A major security breach can change all of that, and can cause devastating damage to brand equity, greatly impeding the ability to recover. In a world where data privacy concerns are high, a client who knows their data is not adequately protected will find a company that will protect it.
Joel Witts: The AI Strikes Back: Artificial Intelligence Hopes And Fears Grow
As cybersecurity professionals deal with a global pandemic, remote working and huge increases in social engineering and ransomware, artificial intelligence (AI) hasn’t been quite so dominant in the security conversation this past year. But 2020 has been an incredible year of growth for AI, laying the groundwork for fundamental changes both in the cybersecurity landscape and our wider society.
However, the future of AI is not all bright. Back in 2019, MalwareBytes predicted that in the next 1-3 years we’d start to see cybercriminals use AI to execute even more devastating and effective cyberattacks. They warned of self-learning malware and automated social engineering attacks that use deep fake technology to deceive millions of people.
At the same time, governments, cybersecurity experts and vendors are integrating AI ever more tightly into their cybersecurity solutions, sparking an AI arms race to weaponize the technology. Cybersecurity vendors are using AI to improve machine learning systems, spot social engineering attacks, and find weaknesses in networks. These trends aren’t unique to 2020, but the cybersecurity AI market has continued its rapid expansion in the past year.
What the future of AI within cybersecurity will look like is murky. Research is already suggesting that AI systems are evolving rapidly, without human involvement. Cybersecurity companies are relying more and more on AI systems due to the widespread skills shortage in information security, which will bring benefits, as well as new risks to consider.
Who has the machines taking over on their prediction list for 2021? After the past year we’ve had, anything is possible…
This year, we’ve seen the acceleration of existing trends in the cybersecurity and information technology markets, such as digital transformation and cloud migration. Investment in cybersecurity continues to reflect these changes, with organizations choosing to spend their budgets on endpoint management and virtual collaboration platforms.
However, as the world of technology has evolved, so have cyberattacks. Bad actors are finding ever more sophisticated ways of infiltrating an organization’s network – illustrated by the alarming increases in successful phishing and ransomware attacks that we’ve seen this year. So it comes as no surprise that email security has also been a top priority when IT teams were given the go-ahead to splash some cash this year.
We reflect on the past to learn from it and take these lessons with us into the new year. But let’s not ruminate any longer! As the saying goes, yesterday is history, tomorrow is a mystery and today is a gift – that’s why we call it the present. And speaking of presents, we at Expert Insights wish all of our readers a very merry holiday season and a happy new year!