More Remote Work Means More Phishing Attacks
Distributed workforce dynamics might be easier on workers’ schedules, but office workers are like gazelles: Separate them from the herd and they’re easier to pick off. (This is pretty much the only way they’re like gazelles.)
Kowsik Guruswamy, CTO at Menlo Security, notes that we saw an uptick in social engineering and impersonation attacks soon after lockdowns began.
“This is only going to increase next year,” Guruswamy says, “especially in larger organizations where the distributed workforce have yet to meet many of their colleagues in person. Prior to the era of remote work, you could walk to a person’s desk and ask them for clarification before assuming an email is legitimate. Now that convenience is gone, leaving an opening for hackers to take advantage as more companies remain remote.”
The growing ease with which bad actors can trick and hack a growing remote workforce is a recipe for a brand-new crop of hackers. After all, 2021’s graduating class will be entering a workforce in which entry level jobs are frozen, and they’ll need to put food on the table, too.
Ironically, job-seekers are a group vulnerable to attacks too, says Jon Perez, Director of Emerging Threats & Detection Research at IronNet, since malicious actors always target the most vulnerable groups and demographics. The one other potential vector for phishing attacks is the COVID-19 vaccine rollout.
Finally, a tip of the hat to Thom Langford, a Gigaom analyst who offered what feels like the best bet out of all the predictions in this article: “Nothing really changes; phishing will still be the number one cause of cybercrime as humans remain the number one vulnerability that criminals attack.”
See our guide to the best antivirus software for business
The US Government Further Abandons Victims of Identity Theft
The U.S. government has already cut resources that once flowed to the victims of financial and identity crime, dropping its total crime victim services from $3.7 billion in 2018 to $1.9 billion today, and even the majority of those funds in prosecutors offices and police departments. The Indentity Theft Resource Center believes that trend will continue across the next 12 months.
“Discretionary grants awarded to victim services organizations dropped from $311 million in 2019 to $144 million in 2020, the service notes. “Funds to programs that support victims of financial crimes, including identity crimes and compromises, cybercrime and scams/fraud have been reduced to $0.”
That’s not great news when paired with our prediction about the surge in phishing attacks. But the reign of 2021 cybercrime could get even worse.
Ransomware Attacks will Accelerate
Bad news for every CISO hoping their 2021 will go smoothly, because they can expect a sharp rise in ransomware attacks, both from ransomware-as-a-service hackers and from nation states. This prediction comes from Michael Rezek, VP of cybersecurity strategy at network performance analytics company Accedian (although he was echoed by many other expert respondents this year).
“With the COVID-19 pandemic surging around the world,” Rezek says, “ransomware attacks are likely to continue well into 2021, with nation-state organizations increasingly targeting hospitals, state and local governments, and healthcare researchers.”
What’s the solution? Looking critically at network detection & response solutions (NDR), as well as endpoint security approaches. Smaller companies won’t have the resources, so they should stick with managed security services such as managed defense and response. Employees will need to be educated on the risks, and even simple cybersecurity practices like updating passwords can help.
Need better password practices? Check out Tech.co’s top recommended password managers.
Still, companies should figure out now how to deal with a potential ransomware attack, understanding that the criminal teams tend to move laterally through an organization when they attack, looking for more data to heist.
Vanessa Pegueros, Chief Trust and Security Officer at OneLogin, notes that prime targets include businesses, schools, healthcare facilities and the government.
“SonicWall Capture Labs has detected a 40% increase in ransomware attacks over the first 3 quarters of 2020. At this current rate with the average cost of a ransomware attack ranging from 700 thousand to 1.4 million US dollars, the total cost of these attacks could be almost doubled from 2019 to 2020,” says Pegueros.
Total ransomware damages rose from $11.5B to $20B across 2020, with 56% of organizations falling victim, and the attacks will only keep growing in the new year.
Oh, and the Business World will Change Permanently
Remote work is just one of the permanent changes the business world will see due to the effects of the COVID-19 pandemic, which is expected to last well into 2021.
Wizeline‘s Bismarck Lepe believes that global economies will be all right, but calls out three major industries that will never be their old selves again: commercial real estate, business travel and traditional retail.
“It’s unlikely that these industries will ever fully bounce back to the same levels or percentage of total spend,” Lepe says of the structural changes.
But it’s not all bad news: “Industries like leisure travel, ecommerce, residential real estate and communication, on the other hand, will thrive in the wake of a vaccine, particularly as the broad shift to ‘work from anywhere’ has become the new paradigm.”
But enough about business. How’s the delicate climate of our only habitable planet doing?
