Click to learn more about author Jerry Ray.
You can feel it – constrained optimism bubbling up throughout those communities fortunate enough to enjoy a vaccinated majority. You can see it – daily images of crowded airports and erratic phone videos of passionate passengers aching to stretch out. You can taste it – masks on the verge of replacement by BBQ sauce and milk mustaches. Good times are just within reach in 2021 in the tangible world. In cyber space, though, none of the vaccine options out there will offer any efficacy against the constantly mutating viruses raging throughout digital devices and data stores everywhere.
Tragically, yes, that’s another COVID-19 metaphor used for cybersecurity. As overused and as exhausting as they’ve become, though, the figurative viral-related descriptors like “infection” and “quarantine” depict enough data security concepts to render them timeless. While interesting only when timely, the literal COVID-related trends, policies, and concepts will do a good job of explaining and predicting cybersecurity events at least through the end of this year. And here’s what we’re likely to see.
Exploiting the Home-to-Office Migration
To the extent that working from home created a vulnerable mass of distracted employees outside the confines of their office network and secured perimeter, motivated hackers will be even more active as offices and surrounding lunch and watering spots come back to life. Phishing messages related to everything from new company policies to social gatherings will introduce gobs of malicious file attachments and lead countless workers astray to fraudulent websites scooping up personal credentials and payment information. The staffing changes and recent hires after the long hiatus from office spaces, combined with those who will make their home a permanent office, will add even more to the woes and worries of system administrators and security specialists. Until everyone restores their muscle memory for office work, hackers will enjoy a prolonged period of scattered attention.
Heads in the Clouds
As much as cloud technology came back to the forefront over the past year and a half by making work from home a seamless exercise for many companies, those endpoints accessing data from inside or outside the office will remain the primary target of hackers everywhere. Security professionals will have to keep in mind that cloud providers offer freedom of data access and freedom from physical infrastructure, but not necessarily the freedom of security or freedom from exploitation. Even with the notion of zero trust having been shouted and praised globally in relation to VPN use for accessing corporate data, everything that can be seen on the endpoints needs protection on the endpoints. Renewed attention to securing them, whether inside or outside the confines of the corporate network, will be even more essential in the second half of 2021 given that the cloud providers did a good enough job of storing, delivering, and securing massive amounts of data over the past year.
Mutating faster than any biological or laboratory fabricated virus, ransomware variants never let up throughout any country’s lockdown. And nothing will change in their relative effectiveness. Even if predicting an escalation of ransomware attacks may be the least insightful thought one could offer, it can never go unmentioned. Technical preparation, such as remote backups with sufficient intervals and redundancy, should be no more critical than strategic preparation, where decision trees with probabilities should be drawn to help decide if or when to pay a ransom, even if never paying is the default stance prior to being attacked and all data becoming inaccessible.
No Herd or Even Individual Immunity
Sadly, nobody will be enjoying any type of immune response to any changes made to cybersecurity policies throughout the work-from-home experience. The largest companies with dozens or hundreds of dedicated IT security staff will still see users as their weakest security link and in need of constant education, while the much more prevalent smaller entities will still not believe that they are large enough to be of any interest to motivated hackers. Almost all cyberattacks are not targeted and instead rely on massive numbers of automated hacking attempts across vast IP ranges till someone somewhere brings a dormant shell to life on the hacker’s terminal. Nobody and no system will be immune in 2021, but that doesn’t mean that security tools should not be constantly evaluated and tested far more than security policy heaped upon workers still at home or returning to the office.
It’s as difficult now to be optimistic about the state of security as it was before the pandemic. But that most certainly does not mean that it’s hopeless. In fact, the success of remote work and IT-based businesses throughout the COVID madness offers enough evidence of security tools and policies working just well enough to increase the reliance on digital infrastructure – possibly even more than in the past. For the remainder of 2021, security researchers and specialists should simply keep trying till something close to a vaccine can finally come about.