Cybersecurity: How 2020 Lessons Learned can Inform 2021 Strategy
As we welcomed 2021, cybercriminals were already ringing in the New Year with new ways to compromise individuals and businesses. While we manage cyber challenges in 2021, let’s look at cybersecurity lessons learned in 2020 that can help us move forward. What have we learned in the past year – and how can organizations be better prepared to respond to cyber threats this year?
The data breaches of 2020
2020 hosted unexpected events such as the COVID-19 pandemic and brought high levels of cybersecurity activity. To cybersecurity professionals, this came as no surprise. Big breaches occurred throughout the year; the first came at the very beginning, in January, when we learned that a major technology company’s customer support database holding over 250 million customer records had been left exposed on the web. The information was available online without appropriate protections for almost a month. Only a month later, a makeup giant revealed that 440 million customer records were disclosed in a database.
As we approached spring and summer, criminals continued to put compromised information up for sale on the dark web. We learned that more than 500,000 teleconferencing accounts as well as 267 million profiles hosted by a big social media network had been listed for sale. Cybercriminals continuously turned up the heat, and we saw the disclosure of breaches and exposed user information by three major social media websites, as well as a big data leak in which 269 GB of data was stolen from US law enforcement agencies. Over the course of the fall, data belonging to patients of several hospitals and pharmaceutical research companies were exposed to criminal eyes. Wrapping up the year – and despite travel restrictions for the majority of the year – travelers’ information was compromised when a hotel reservation platform was breached, revealing private information of more than 10 million hotel guests.
The recent SolarWinds breach, massive in both scale and media coverage, underlined the criticality of preparedness and third-party management. The full impact of the compromise will take months to determine. Nevertheless, smart organizations are already reprioritizing their cyber risk focus and preparing for copycat supply chain attacks throughout government and commercial sectors. All organizations must take note of the extraordinary impact of breaches like this and understand the importance of data confidentiality, integrity, and availability as we continue in 2021.
What can we expect?
Cybercriminals are always ready to seize opportunities to exploit security weaknesses for monetary and disruptive gains – and this year will be no different. What else will they bring to the table in 2021? Following the rise of remote working due to COVID-19, we can expect criminals to continue targeting the remote workforce as an entry point to companies and sensitive data, and home network cyber risks will become greater during the year. In response, CTOs will likely continue exploring avenues to help mitigate this risk by spending more time and money on endpoint security and end-user training.
Cybercriminals are money hungry, and ransomware is lucrative. Needless to say, we can expect ransomware threats to increase. Likely ransomware targets will include hospitals and other health and research facilities, as these facilities are responsible for patients’ highly sensitive information, and any disruption can cost lives and valuable treatment time and endanger patient data. Criminals are likely to target these organizations because they count on healthcare leaders to pay a ransom instead of gambling with patient health and information.
We will see criminals’ continued faith in the notion that humans are the weakest link and can expect an uptick in social engineering. However, as more defensive technologies integrate with artificial intelligence, bad actors find it more difficult to compromise network boundaries. This is where the dangers of deep fakes enter. ‘Deep fakes’ are audio or video recordings that combine existing information and develop it into a new image, video, or audio recording which can be pooled with existing tactics to cause maximum damage. For example, a criminal can look and sound like the CEO of your company and easily trick you into approving a large payment.
Lastly, third-party risks continue to grow as our reliance on vendors increases and vendor networks grow. The COVID-19 pandemic highlighted the importance of vendor management and how the failure of one element of a supply chain – whether it’s due to a cyber-attack, pandemic, or other reasons – can impair a company’s ability to continue to service its customers. Cybercriminals are well aware of the third-party network and will continue to target vendors’ data as a stepping stone to larger partners.
Lessons learned and tips moving forward
The organizations mentioned were not the only ones to be targeted and fall victim to cyberattacks. In fact, there are thousands of reported and unreported data breaches yearly, compromising the security of organizations, customers, and employees. It is important to remember that companies of any size can fall victim to a cyberattack – it only takes one compromised device or opened phishing email to expose the data of thousands. No firm is too small to be a victim, and many criminals will specifically target smaller partners of a larger company as an entry point.
Cybercriminals are opportunistic in nature, so they must be expected to weaponize previously successful tactics as well as follow trends and invent new ways to gain an advantage this year. To protect your organization, you must:
- Implement an effective third-party risk management program to ensure periodic validation of data confidentiality, integrity, and availability
- Develop or begin to instill a culture of cybersecurity and ensure that there is an organizational belief that cybersecurity is everyone’s responsibility. Also, focus on employee cybersecurity training and basic cybersecurity hygiene, especially with the rise in remote working when some employees may be using personal computers on home networks
- Review and update your cyber risk policies and definitions
- Develop, or if existing, review and enhance your Cyber Incident Response Plan. Always assume that your organization is at risk, so that you are prepared for a cyberattack
- Review available technology and solutions, and use IT risk assessments to ensure that all patches and updates are current
- Facilitate simulations and exercises at all levels to ensure your leadership and entire workforce understand their responsibilities in the case of a cyberattack
While we cannot know precisely what cybercriminals will do this year, it’s important to anticipate their predatory behavior and take precautionary measures to protect your business. The COVID-19 pandemic showed that taking action only once disruption occurs can lead to loss of business and of current and future customers, and can rattle your standing as a reliable organization in your industry. This is why it’s important to look back on the previous year, learn your lessons, and prepare for what’s next this year.