Turning the Tide: Trend Micro Security Predictions for 2021
What At-Home Workers Need to Know
The pandemic has blurred the boundaries between work and private lives — business machines are being used for personal projects, and work is done over home internet service providers. Employees at home have to consider security on an enterprise level — are home routers unpatched or outdated? Are devices on the network secure? Family members may also be sharing devices while working for different organizations, which is delicate when enterprise data is involved.
Those working from home should be aware that home networks will become launching points for threat actors. These individuals want to hijack machines and jump from one device to another in an attempt to gain a foothold in a corporate network. Routers have long been viewed as sitting ducks for remote attacks on connected devices, and we predict that cybercriminals will offer access to hacked routers as a new service for threat actors aiming to break into home networks.
We noted in our mid-year roundup that the number of Covid-19-related spam emails and phishing attempts are increasing. Cybercriminals will continue to use the coronavirus, and other related incidents from the pandemic's fallout, to lure in new victims.
What Enterprises Need to Know
Organizations are trying to modify and upgrade their IT infrastructure to fast-track their move to the cloud. It is the goal of enterprises across all industries to be versatile and agile enough to meet future challenges.
Telecommuting will continue into 2021, and hybrid environments, where work and personal tasks comingle in one machine, will be challenging in terms of security. Organizations — especially global enterprises — will have less control over their data. Delineating where data is stored and processed will become more difficult. The decreased visibility into enterprise devices only gets more problematic when employees access personal apps from work devices.
Remote work also poses a challenge — the dive into cloud environments and new collaboration tools makes security even more critical. To gain system visibility and meet scaling needs, organizations are gathering and storing massive amounts of data across multiple sources and environments. We predict that these data troves will be central to modern, high-profile cybercrimes.
We also foresee threat actors targeting vulnerabilities in application programming interfaces (API). APIs help deploy services and software in devices (including the IoT), and businesses rely on APIs for many things, such as interacting with customers via apps. Attackers can use these software intermediaries as entry points into organizations, and as APIs become more prominent in the enterprise space, their attack surface becomes more visible.
Both users and enterprises will have to protect work-from-home setups from threats — IT teams will need to secure entire remote workforces, and individual users will have to secure their virtual workspaces and endpoint devices.
What Governments Need to Know
While rapid collection and access to data are important, governments must first establish a secure way to gather such information. Servers and databases must be configured securely and must have the necessary protections to avoid data leaks and vulnerability exploitation.
Future-Looking Cybersecurity Solutions
Organizations and decision-makers can use our security predictions to create a proper cybersecurity strategy that can withstand change and disruption.
Training. Users must be informed of the tactics and possible attack vectors. Organizations should reinforce knowledge on threats and extend corporate best practices into the home. Establish security rules on telecommuting and advise against using work devices for personal purposes.
Access control. Organizations should create security-based company policies and an incident response plan that covers every perimeter of their operations. Refrain from putting implicit trust in assets or user accounts regardless of the location.
Basic security and patching. Users and enterprises should regularly update and patch applications and systems.
Threat detection and security expertise. Ensure advanced, round-the-clock threat detection and incident handling in cloud workloads, emails, endpoints, networks, and servers with the help of dedicated security analysts. Gain better insights into attacks and prioritize security alerts through comprehensive threat intelligence and industry-leading solutions.
To gain further insight into our 2021 predictions, read our full report:
Like it? Add this infographic to your site:
1. Click on the box below. 2. Press Ctrl+A to select all. 3. Press Ctrl+C to copy. 4. Paste the code into your page (Ctrl+V).
Image will appear the same size as you see above.
- Ransomware Spotlight: TargetCompany
- Email Threat Landscape Report: Cybercriminal Tactics, Techniques That Organizations Need to Know
- Preventing an Imminent Ransomware Attack With Early Detection and Investigation
- Inside the Halls of a Cybercrime Business
- Securing Cloud-Native Environments with Zero Trust: Real-World Attack Cases