Check Point Software´s predictions for 2021: Securing the ‘next normal’

“Life is what happens while you’re making other plans,” said John Lennon. And the events of 2020 have shown how right he was.  If you had looked through the predictions and contingency plans of the world’s top 1,000 companies 12 months ago, few (if any) would have included detail on dealing with a global pandemic.

COVID-19 is a true ‘black swan’ – an ultra-rare yet high impact event that has derailed business as usual. It forced organizations to set aside their existing business and strategic plans, and quickly pivot to delivering secure remote connectivity at massive scale for their workforces. Security teams also had to deal with escalating threats to their new cloud deployments, as hackers sought to take advantage of the pandemic’s disruption:  71% of security professionals reported an increase in cyber-threats since lockdowns started.

That is, perhaps, the only predictable thing about cyber-security: threat actors will always seek to take advantage of major events or changes for their own gain. So what are the major cyber-security related changes and events that we expect in the cyber landscape over the next 12 months?  Here are our predictions broken down into three key areas:  COVID-19 related developments; malware, privacy and cyber-conflicts; and emerging 5G and IoT platforms.

Pandemic-related developments

  • Securing the ‘next normal’: In 2021, Covid-19 will still be impacting our lives, businesses and societies, and those impacts will change as the year progresses. So we need to be ready not for a permanent ‘new normal,’ but instead for a series of ‘next normals’ as we respond to those changes. Following the rush to remote and flexible working, organizations need to better secure their new distributed networks and cloud deployments to keep their applications and data protected. This means enforcing and automating threat prevention at all points of the network – from employees’ mobiles and endpoints, to IoT devices, to clouds – to stop advanced attacks spreading rapidly across organizations, and exploiting weaknesses to breach sensitive data. Automating prevention will be critical, as 78% of organizations say they have a cyber-skills shortage and 76% are struggling to recruit new cyber-security talent.
  • No cure for COVID – related exploits: As COVID-19 will continue to dominate headlines, news of vaccine developments or new national restrictions will continue to be used in phishing campaigns, as they have been through 2020. The pharma companies developing vaccines will also continue to be targeted by malicious attacks from criminals or nation-states looking to exploit the situation.
  • School’s out – targeting remote learning: Schools and universities have pivoted to large-scale use of e-learning platforms, so perhaps it’s no surprise that the sector experienced a 30% increase in weekly cyber-attacks during the month of August, in the run up to the start of new semesters. Attacks launched by these digital ‘class clowns’ will continue to disrupt remote learning activities over the coming year.

Malware, privacy and cyber-war

  • Double extortion increases the ransomware stakes: This year saw a sharp rise in double-extortion ransomware attacks: hackers first extract large amounts of sensitive data, prior to encrypting a victim’s databases. Then attackers threaten to publish that data unless ransom demands are paid, putting extra pressure on organizations to meet hackers’ demands. Attacks have become so disruptive that the FBI has softened its stance on ransoms: it now says that in some cases, businesses may want to evaluate paying up to protect their shareholders, employees and customers.
  • The botnet army will continue to grow: Hackers have turned many developed malware families into botnets, to build armies of infected computers with which to launch attacks. Emotet, the most commonly-used malware in 2020, started as a banking trojan but has evolved to become one of the most persistent and versatile botnets, capable of launching a range of damaging exploits, from ransomware to data theft.
  • Nation shall attack nation: Cyber-attacks by nation states will continue to grow, for espionage or to influence events in other countries. Microsoft reported that threat actors from just three countries launched 89% of nation-state hacking incidents over the past year. Attacks were widespread, with targets ranging from elections to the Olympics. Over recent years there has been a focus on securing national critical infrastructure, and while this remains essential, it’s also important to recognise the impact of attacks against other state sectors. These include national healthcare organizations and Government departments, such as March 2020’s Vicious Panda campaign targeting Mongolia.
  • Weaponizing deepfakes: Techniques for fake video or audio are now advanced enough to be weaponized and used to create targeted content to manipulate opinions, stock prices or worse. Earlier this year, a political group in Belgium released a deepfake videoof the Belgian prime minister giving a speech linking COVID-19 to environmental damage and calling for action on climate change. Many viewers believed the speech was real. At a simpler level, audio could be faked for voice phishing – so that a CEO’s voice could be forged giving instructions to make a cash transfer to accounts staff, or to by voice recognition software.
  • Privacy? What privacy?: For many people, their mobile devices are already giving away much more personal information than they realize, thanks to apps demanding broad access to peoples’ contacts, messages and more. This problem has been magnified with buggy COVID-19 contact-tracing apps, which have been rush-released with privacy problems, leaking data about individuals. And that’s just legitimate apps causing problems: mobile malware targeting users’ banking credentials and committing click-fraud on adverts is still a significant and growing threat.

New 5G and IoT platforms

  • 5G benefits and challenges: The totally connected, high-speed world promised by 5G also gives criminals and hackers opportunities to launch attacks and cause disruption by targeting that connectivity. E-health devices will collect data about users’ wellbeing, connected car services will monitor users’ movements, and smart city applications will collect information about how users live their lives. This massive volume of data from always-on, 5G devices will need to be protected against breaches, theft and tampering to ensure privacy and security against attacks, especially as a lot of this data will bypass corporate networks and their security controls.
  • Internet of Threats: As 5G networks roll out, the numbers of connected IoT devices will massively expand – drastically increasing networks’ vulnerability to large scale, multi-vector cyber-attacks. IoT devices and their connections to networks and clouds, are still a weak link in security: it’s hard to get complete visibility of devices, and they have complex security requirements. We need a more holistic approach to IoT security, with a combination of traditional and new controls to protect these ever-growing networks across all industry and business sectors.

In summary, whatever the ‘next normal’ is as we continue to navigate through pandemic disruption, hackers and criminals will be seeking to take advantage of the situation for their personal gain. To stay ahead of threats, organizations must be proactive, and leave no element of their attack surface unprotected or unmonitored – or risk becoming the next victim of sophisticated, targeted attacks.