Netwrix, a vendor that makes data security easy, reveals the top five cyber security trends for organisations to keep an eye on in the second half of 2020 and beyond. Although the massive transition to remote work in response to the global pandemic has led to an increase in cyber-attacks, Netwrix experts don’t envision dramatic shifts in the cyber security threat landscape. Instead, they identify the following trends that have accelerated and will have the biggest impact on organisations:
• The insider threat will become even more pressing.
With many organisations already planning to keep more of their staff working from home, IT teams will have to adapt to a larger remote workforce — which means a lack of control over a greater number of endpoints and network devices. Therefore, organisations need to develop new security strategies based on the zero trust model, including ways to prevent sensitive data from spreading across employee endpoints and cloud collaboration tools.
• Security by design and by default will become the norm.
Use of online services — from retailers to social media to productivity tools — has exploded during the pandemic. Unfortunately, many users have little knowledge about cyber security threats, which makes them easy targets for online scams. To mitigate risk, organisations should clearly communicate security best practices, but they will also need to build in as many safeguards as possible. Indeed, every organisation offering online services will be under increased scrutiny to enable strong security and privacy settings by default, and some will use advanced security options as a market differentiator.
• Deepfakes will take spoofing to the next level.
Emails impersonating C-level management and voice spoofing will continue, but the extensive use of video conferencing for regular communication will lead to a rise in a newer variant of this attack vector: video spoofing. We don’t expect deepfakes to become widespread soon, but AI and neural networks will make them more probable. To withstand this threat, organisations will have to reshape their approval processes, especially for budget and data access. In addition, IT teams will need to increase the accountability of all employees and prevent illegitimate elevation of privileges.
• Attacks will go undetected in a flood of false alarms.
The abrupt change to remote working has caused many security monitoring solutions to generate far more false positives, since they require time to adapt to the new normal. A similar spike in false alarms will occur when employees return to the office. Hackers will continue to use these turbulent time to launch attacks, knowing that organisations will be blind to their malicious behaviour. IT needs to remain vigilant and find ways to spot and investigate the true threats in all the noise.
• Organisations will move beyond passwords.
As people flock to online services, re-use of passwords between services will increase, since users cannot remember dozens of unique passwords and are reluctant to adopt password management tools. To reduce the risk of breaches from compromised credentials, organisations will adopt non-password authentication methods, such as biometric data like fingerprints or eye scans. As the amount of personal data transmitted and stored online increases, organisations will need to implement adaptive risk management programs and have security in mind every time they implement new services and technologies.
“Every crisis forces organizations to scrutinize where they are focusing their resources and efforts. While many IT projects can be suspended, a strong cybersecurity strategy remains vital. Automating cybersecurity tasks enables IT professionals to do more with less while reducing human errors and inconsistencies, which helps the organization improve productivity, reduce operational expenditures and refocus the talent of their workers on more critical areas,” said Ilia Sotnikov, VP of Product Management.