Since most everyone is ringing in the New Year by sheltering in place, it may provide much needed time for reflection on what is needed to ensure 2021 is better than 2020 on all fronts. While we can’t control the impact of a pandemic, those of us in the IT security space can control how we prepare for the new onslaught of cyberattacks and hacker techniques that are sure to come in 2021.
2020 Security Review
Before we look at a few ideas for 2021, it is always a good idea to take a look back and review what trends and/or potential lessons learned from experience in 2020. A blog published on Cyber Security Intelligence offers these observations on “Latest Cyber Security Threats & Trends: 2020 In Review”:
- State-sponsored attacks: Modern cybercrime goes beyond individual hackers trying to make a profit through ransom or data theft. Today, state-sponsored cyberattacks have emerged as one of the preeminent threats targeting critical infrastructure. The frequency and severity of these attacks continue to increase. According to Verizon, state-sponsored attacks increased from 12% to 23% in 2019, and the numbers are expected to be even higher in 2020. The most obvious example of this approach is Russian hackers accused of affecting elections, releasing confidential information into the public domain, and hacking into critical infrastructure.
- Zoom, Google Meet, and Microsoft Teams phishing scams: The number of people using videoconferencing services has significantly increased during the COVID-19 pandemic. Hackers use Zoom, Google, and Microsoft domains to pose as official links. These fake links enable attackers to trick people into giving access to personal information or accidentally downloading malware.
- Internet of Medical Things (IoMT) attacks: IoMT is a connected infrastructure of medical devices, and applications that generate, collect, analyze, and transmit healthcare data. IoMT enables you to connect medical devices to the Internet. This includes personal insulin pumps, glucose and heart monitors, and pacemakers.
- Attacks on smart consumer devices and smartphones: Protecting devices like fitness trackers, smart speakers, smart watches, and smart home security cameras has become one of the main concerns in cybersecurity. Connecting from public Wi-Fi networks, or accessing your company email from your smartphone can make sensitive data available to everyone. Furthermore, the use of instant messaging services and file sharing can enable hackers to easily compromise smart devices, giving access to credentials and data.
- Shipping cyber attacks: Many aspects of shipping can be vulnerable to attacks, including ship navigation systems, port logistics, and ship computer networks. According to maritime cybersecurity experts, Naval Dome, shipping-targeted attacks increased by 400% since February 2020 due to the coronavirus pandemic.
2021 Security New Year's Resolutions
So, as we turn our attention to the new year and what 2021 will bring us, it will be valuable to take stock of new priorities in light of ever-changing environments. Here is a list of suggested resolutions to ensure your 2021 doesn’t start off with a cyber-hack or security IT breach:
- Keep Your Skillset Current: DevSec Training is a need to have in today’s world where cyber criminals and hackers work tirelessly to find even the smallest of codded vulnerability. What separates bad training from good will be the difference between those organizations that succeed and those that don’t.
- Trust But Verify: A security assessment should go beyond just identifying security defects. You should expect a focus on help for meaningfully triaging and fixing vulnerabilities discovered during testing. You should schedule assessments for applications, networks, Internet of Things (IoT), mobile, clod and cloud native to be thorough.
- Make DevSecOps A Priority: A successful DevSecOps team will ensure no security vulnerabilities are unknowingly coded into apps, on premise infrastructure or IoT or cloud. The cost of missing even one item can be devastating to your organization.
Another important factor in your 2021 preparation should be your partnering strategy. Look for security professionals that have proven experience with secure SDLC, the ability to perform assessments across all fronts and provide invaluable remediation advice as well as training for your development team on the latest security techniques.
Your 2021 Security Partner
nVisium empowers organizations to eliminate application and cloud security vulnerabilities before cyber threats exploit them with proven in-depth security assessments, remediation and training programs. Our experienced team of security-savvy developers and engineers guide organizations to build best practices with high ROI into their engineering and secure development lifecycles across applications, operating systems, networks, mobile, cloud and IoT through services, software solutions and R&D unique to business operations and compliance initiatives. Additionally, nVisium provides a fully managed platform for tracking and measuring performance as well as instructor-led and online training.
2021 is likely to bring even more aggressive cyberattacks across infrastructure, applications, cloud and IoT. Wouldn’t you prefer to start the new year with assessments to review all in place technologies for potential vulnerabilities and give your developers a quick refresher on the latest security best practices? If so, then give us a call when you start your 2021 security strategy update or better yet, schedule a consultation today or download our new eBook titled “Demystifying DevSecOps” to get started yourself.