Podcast Transcription

Dr Christine Izuakor:
Welcome to the Veriato Insider, a podcast covering some of the latest trends and things to know in cybersecurity. This podcast is sponsored by Veriato, a next generation employee monitoring and insider threat detection software provider. To learn more about how Veriato can help protect your company, check out veriato.com. I'm Dr. Christine Izuakor, your host for today's segment. And after the year we've all had in 2020, I'm sure everyone has been looking forward to making it into 2021. And so our topic for this episode covers five cybersecurity trends that we've kind of learned over the last several months, over the last year, and what we all need to be mindful of as we look to the future.

I'm sure many people can agree that 2020 will ultimately go down in history as a year of firsts and a year of surprises and a year of challenges, from an unprecedented pandemic and natural disasters to an eventful election season, social unrest, and more. Every month presented a new level of struggle, not to mention that critical few weeks when we lost the luxury of being able to walk into a grocery store and buy the highly coveted and prized possession of toilet paper.

A jump in cyber attacks

But during the same year, security trends mutated rapidly. So starting with the FBI reporting a 300% jump in reported cyber crimes related to the COVID-19 pandemic, and we saw so many trends announced after that. And even though there isn't a dramatic shift in the makeup of these cyber attacks, certain types of incidents are accelerating at a much faster rate than others and are expected to last well into 2021 and beyond. Some of the major influencers and headwinds that are driving these trends are of course more employees than ever are now working remotely. That's one. More consumers and people in general are now using online services, some who may not have been used to using these technologies as often before.

Socioeconomic disruptions have surpassed previous downturns immensely over the last year. Healthcare organizations are strained to serious extremes, both from a physical standpoint, with even the second wave that we saw at the end of 2022, the technical side of things, and how the healthcare system is being hit very hard by cyber attackers and by malicious individuals right now as well. And that's another area that's driving this trend. Another one is that companies are still getting caught being unprepared to combat these threats, especially small and medium sized businesses.

Risks associated with working remotely 

Of course that's not an all-inclusive list, but I think those are some of the major trends that we saw in 2020 that are influencing our areas that we need to focus on for 2021. Now, these resulting threats of course impact every industry, and so businesses seek to stay afloat in such unprecedented times that aren't going away anytime soon, it's essential to evaluate how these inherent risks associated with working remotely, and the increased healthcare technology risks and more, how they impact your cybersecurity program long-term and how you need to adapt over the next few years.

5 cyber threats that organizations face

And so we're looking at these five important cyber threats that organizations have to prepare to continue to face in 2021, and some of the security strategies and tools that can help minimize the impact and help companies prepare. The first one is not a secret at all. Basic and advanced social engineering threats will remain an issue for years to come. Social engineering tactics are used to lure innocent employees, consumers, people in general into doing things that they shouldn't do. And that's not new. It's been around forever. It continues to grow in popularity because it's very effective and attackers know that, but recent social engineering attacks have taken a sharp uptick. Hackers are leveraging the fear and doubt of the public mind to their advantage. They're tricking people into making these poor decisions with fake websites and phishing emails.

In 2020, for example, spear phishing emails alone spiked three times. And it's been reported that one in every four Americans received a COVID-related phishing email. Now a variety of campaigns take advantage of this heightened focus on COVID-19 to distribute malware, to steal credentials, to compromise business emails, impersonate brands and scam users out of money. None of that stuff is new, but these tactics are becoming more common and are adapting to whatever the latest news is, and becoming even more sophisticated to include blackmail attacks, conversation hijacking, deep fakes also, so attackers using artificial intelligence to make their social engineering attacks seem much more realistic.

In certain countries the new malware variant of this year, Emotet, was used to infect devices early in the year. Again, in this scam, phishing emails posing as welfare providers distributed this malware. And these increasingly sophisticated state-sponsored phishing attacks have started to target government and relief agencies, industrial, medical, financial institutions, and more. And that of course can be detrimental. For that specific malware, after a two month hiatus, the attack resurfaced stronger than ever in December of 2020, hitting approximately 100,000 mailboxes per day and growing. And so social engineering threats will only get worse.

Companies now have large numbers of workers working from home, and the majority of this workforce is not familiar with remote security hygiene. The pandemic has also forced many consumers, like I mentioned earlier, to transition to online transactions for banking, shopping and more. And so this online consumer model and working model is poised to just become the new norm. We have to continue to pay attention to this. And I think the biggest strategy here is, of course, increased security awareness. These social engineering attacks are targeting people. And so you have to equip people with the information, with the tools that they need to combat this.

It's important to define and deploy security guidelines and governance, security training education, not just at work, but really emphasizing the importance of this at home and the importance of it being integrated into everyday life. The reality though, is that of course that's not enough. Human beings and that training, that's an important element in all of this, but you need to have layers, and you need to have something in place so that when an employee or when a person misses the mark for whatever reason, which is understandable... That's understandable. Again, these attacks are getting very sophisticated. You need the technology and the processes in place to still combat that. And I think this becomes really clear in another stat that I found, which is that 84% of people surveyed through Black Hat in 2020 believed that changes to cybersecurity operations and threats will linger well into 2021 and beyond, and so important stuff to pay attention to.

Insider Threats

Another trend to keep in mind is that remote employees will grow to be the most concerning insider threats. This is partially my opinion, partially what we're hearing across the industry. But insider threats are caused by internal staff, could be disgruntled employees, could be third-party contractors, anyone who whether intentionally or unintentionally misuses their access to company resources to do potential harm. Now, disgruntled employees can maliciously leak confidential information maybe, but sometimes again, these are accidents. These are things that are due to negligence and due to that lack of training that I mentioned earlier. Significant as concern for companies, 66% of organizations consider malicious insider attacks or accidental breaches to be more common than external attacks. And so into 2021 and beyond, we have to continue to pay attention to insider threats and be just as ready to prevent and combat them as we pay attention to combating and protecting our external attacks in the external perimeter. These are kind of going neck and neck in terms of what we need to pay attention to and prioritize.

Another interesting stat is that over the last two years, the number of insider incidents has increased by almost 50%. And that's expected to grow even more. So again, this isn't going away anytime soon. The COVID-19 pandemic of 2020 triggered the biggest shift to work from home in history. As of January in 2020, the average was only 25% of employees working remotely about once per week. But post-COVID-19 and into 2021 and beyond, because this is somewhat of a long-term thing where we're dealing with truly shifting the way that we work, 85% of organizations adopted remote working strategies, and most of them plan to continue that for the foreseeable future. And so this radical change within a short time span has exposed so many gaps and so many vulnerabilities, from contingency planning to being able to spin up VPNs, to being able to give people access when they need it, to people using their own devices, BYOD, all of these changes have shed light on these gaps in areas that a lot of companies weren't prepared for.

You also have insecure home networks that people are now working from, the lack of visibility, the security awareness, all of these things impact insider threat as well. And so hackers can now more easily compromise remote employees and get them to unknowingly participate in attacks by simply clicking on links, connecting to shady wifi while they're working remotely. And all of these things that still, again, target your insiders and get them to intentionally or unintentionally flip on you and introduce this risk. And so we know that security awareness and education is a step in the right direction. But you also need the technology to help, like I mentioned before. And so this is where monitoring becomes important.

Monitor Employees Remotely

And it's not just monitoring in general. I know that's a term that can be taken so many different ways, but it's being able to monitor employees remotely and being able to do it in a way that is not a Big Brother, I'm trying to stalk you sort of thing, but more of a we're in this together and we're trying to make sure that we have the visibility to support our employees and protect our employees and protect our company when we need it. And so being able to monitor activity access remotely, using user behavior analytics to understand any deviations from what might be considered normal or approved behavior, looking at endpoint monitoring, looking at file download protection, dark web tracking, all kinds of things that can enable monitoring, whether you're in an on-prem environment, which I know a few people are still doing today, but it's a thing, and mainly those remote employees.


The next one is ransomware. So ransomware has been a lucrative asset to attackers and that will continue to be the case. New variants continued to surface every year. These are the types of attacks where people somehow, whether it's through phishing emails or through USBs... There's just many different ways to do this. But ransomware malware gets uploaded onto a system or a network, encrypts files and then asks for a ransom or a payment in order to get access to that data back. Now, experts estimated that ransomware payments by US businesses could exceed $9 billion back in 2020. And that number will likely increase in 2021. And so the rise in ransomware costs in part can be linked to increasing use of less secure home and non-business networks as organizations shift into these long-term remote work strategies.

In 2020, some of the top ransomware types that we're seeing were Maze, REvil, Ryuk, Ryuk, I can never get the right pronunciation for that, Tycoon and Netwalker. Those were some of the more popular ones that were seen. And I think it's important to, of course, keep an eye on ransomware. It's not new, but I think into 2021, it's a trend that we'll continue, continue to see. And a lot of companies still continue to get caught with this, and not being prepared for it. And so it's important to focus on continuous monitoring of file systems, of device endpoints, of networks, of employees. That can help companies prevent those costly consequences of ransomware attacks.

There are solutions out there that'll use threat intelligence to continually update and maintain a robust database of known ransomware signatures to easily detect the presence of any known variants of ransomware by matching them against that database, can use honeypot files to reliably detect attacks from previously unknown variants as well, and so you're getting a mix of the two. You can create and store away the most recent system backups in safe locations so that even if ransomware tries to encrypt your backups so that you can't restore from that, you still have a backup of the backups. I know it seems a little extra, but that is something that once you need it and you have it, it is a true lifesaver. There's also solutions out there. This is a feature within Veriato's RansomSafe, as well as things that continue to look out for us, continuously monitoring at the device level to detect attacks early and block attacks from spreading across your network, which can also minimize the impact of any breaches.

Employee Monitoring Compliance

Another one is that data breaches were already growing year over year for the last decade. We can expect even more within high-risk industries into 2021. So I had already talked about earlier, won't spend too much time on this, but the healthcare industry has been getting hit quite a bit. Anyone who has access to sensitive medical or patient data, all of those things will continue to be an issue. We've seen a lot with state-sponsored attacks against governments, government entities. We're going to continue to see that into 2021. And so those industries need to especially prepare. I think organizations also have to pay attention to compliance in this world. So regulations like HIPAA, GDPR, all of that, we have to make sure that we think about how our strategies as we shift to remote workforces and as we continue to adapt to whatever 2021 brings, making sure that we don't lose sight of compliance. While we don't want a security strategy that is solely focused on checking the compliance box, we want to have good security, whether it's compliance related or not.

But at the end of the day, we cannot lose sight of compliance. Because the fines, the consequences, as well as just the trust that I think the public and the people have in your brand can be diminished by that. The last thing is Zero Trust. This has been a keyword from 2020 and I think this will live on for quite a while now. But this is a priority as account compromises will continue to pose new dimensions of risk. So the slew of security incidents during 2020 made it very clear that cyber attackers are not taking any time off, and instead they are creating these new dimensions to launch these sophisticated attacks. They're stealing insider account credentials from employees, from contractors. That's a common entry point into enterprise systems, and that can lead to more noticeable consequences like them stealing data, ransomware and more.

And so where we once relied on a physical perimeter and being in the office and ID badges for security and some of those things to authenticate people, we now have to rely on things like VPN and secure tunneling solutions and all of these things to help people still have that same feel of secure access, but in a remote setting. As we look at remote work as a long-term strategy in 2021 and beyond, this becomes super important. I think remote access demands in general a high degree of security hygiene. Most employees, or many employees, have unmanaged personal devices connected to networks, connected to VPN. And so without the proper checks before connection, your cyber threat surface is expanded even more. Companies have to keep that in mind.

Companies have to think beyond some of the traditional hygiene that we talk about, like having strong passwords. Still super important. We still have to do those things, but looking at stronger account authentication. Getting comfortable with biometrics. I know that's also not something that's new, but a lot of, I think companies or people, if you're not in a highly regulated or highly secure industry, people have kind of dragged their feet with incorporating biometrics. And I think now it's something that more people have to look at, multi-factor authentication, all of that, just to make sure that who is trying to access your network is indeed who they say they are. Employee monitoring using robust AI-based behavior analytics and threat intel can also help in this space.

What is Zero Trust

And I think the bottom line is that we have to adopt the layered and hardened model of never trust and always verify, Zero Trust, which of course we all know it's not a technology or something that you buy. It's a mindset, it's a culture. It's how you begin to set up all of these different technologies that you have within your organization. And so I think that's something that we'll continue to see grow even stronger in 2021 and beyond.

And so to wrap things up, in conclusion, 2020 has and will continue to change the way that people prefer to work, socialize, communicate, and more. People will feel more comfortable to interact and transact virtually and online instead of in-person. And even when the world returns to some sense of what we consider normal, there's an approved vaccine out now where everybody's watching to see how that goes and how that impacts things, and whether we do go back to some form of normalcy. But I think even no matter how that goes, I think people will still, for the foreseeable future, leverage virtual settings and virtual technology in a way that we hadn't in the past, and so this translates to heightened cybersecurity risks going forward.

And so in order for us all to avoid being amongst the victim organizations who are getting hit brutally during this time, you have to have a solid plan for addressing both data privacy and security risks, and then an adaptive risk management program to make sure that as new things get thrown at us in 2021... We don't know what kind of year it's going to be next year. Knock on wood, I don't want to jinx us that it'll be anything like 2020. But we don't know what kind of year we'll have next year, and so we have to have a strategy that is adaptable and have technology that is adaptable to that evolving risk.

That concludes the Veriato Insider podcast for this week. This podcast has been brought to you by Veriato. Their solutions are anchored around four core areas of cybersecurity protection, including employee monitoring and web filtering, insider threat detection, employee investigations, and ransomware support. To learn more about how Veriato can help protect your company, or if you have any questions that you want answered during the next podcast or anything like that, visit Veriato.com and send the team a quick note. Thanks for tuning in. I'm Dr. Christine Izuakor, the founder and CEO of Cyber Pop-up, and it's been my pleasure to share these insights with you. Until next time, stay safe and secure and have a wonderful 2021.
