The technological landscape is forever changing, which is something that has always been true, but, over the past couple of years, there’s been some massive changes. What has happened can only be described as a disruption, effecting businesses all over the world, as a result of the pandemic. No one would have predicted this one event and how it would affect technology, businesses and cybersecurity. In this article we will be looking at the threats that are and have emerged as a result of it, and which of these trends poses the biggest threat this year.
1. Increased Multi-Factor Authentication Use
While the use of passwords is a standard best practice for cybersecurity, we can see more and more companies adopting multi-factor authentication (MFA) as an additional layer of security against malicious attacks and data breaches. MFA involves the use of at least two forms of security before a user is able to access secured data. This may mean, the use of a mobile device, before officially confirming ones identity. A common example of MFA is when a user is sent a passcode to their mobile device, and asked to enter it where requested.
While MFA is seen as a critical component of online security today, companies, such as Microsoft have urged users to avoid phone-based MFA (when a passcode is sent to the user’s mobile phone via SMS) this is because the security of these SMS services can be fairly weak. SMS messages are not encrypted, meaning an attack could potentially access the plain text code. For this reason companies should look at more secure methods to implement, namely application based MFA like Microsoft Authenticator or Google Authenticator.
To summaries things, you’ll want to have MFA in your company, irrespective of its size, and definitely be wary of its many risks, especially if you opt to go with phone-based MFA. Which ultimately is better than no MFA at all.
2. Risks to Remote Working
As a result of the pandemic, many organisations were forced to adapt by shifting much of their workforce to remote work. Many surveys suggest that this predicament, with many people working remotely, will continue to be true, long after the pandemic has ended.
However, with this new workforce working from home, comes new cybersecurity risks, making it one of the more talked about trends in cybersecurity today. Offices at home, oftentimes have far less security than your typical office space, which usually will have routers, firewalls, access management run by a specialised IT team and more. As many organisations rush to keep work going, the traditional methods of security may not have been as rigorous. Many cybercriminals, aware of this fact, have adapted to take maximum advantage.
A large number of employees choose to use their own personal devices for two-factor authentication, this means they could have mobile app versions of instant messaging software like Zoom, WhatsApp and Microsoft Teams. It’s the blurred line between professional and personal use that poses the biggest risk to confidential information falling into the wrong people’s hands.
As a result, many organisations, as a cybersecurity trend, have opted to focus on the main challenge of distributed workforces. This means mitigating and identifying the security vulnerabilities, implementing security controls, improving systems and ensuring the correct documentation and monitoring. I suggest you read further on this subject, to learn how to work from home safely, free from these potential threats.
3. Extended Detection and Response (XDR)
With the increasing number of data breaches, security teams have become pressured to gain visibility of all data across networks, emails, endpoints, cloud workloads, services and apps.
Extended Detection and Response (XDR) is set to become more popular as it can easily collect data, automatically from numerous endpoints, and correlate this info for quick detection and response to visible threats.
For example, a cyber-incident causing an alert on a network, server and app could be combined together and then correlated to allow for context and visibility of the incident.
4. Rise in Artificial Intelligence (AI)
With the large number of cybersecurity threats, it has quickly become too much for humans to handle by themselves. As a result of this, organisations are now looking to machine learning and AI to improve their security infrastructure. There are numerous benefits to doing so, including cost savings. Studies have shown that of the companies and organisations that experienced a data breach, for those who had AI technology, they were able to save $3.5 million in 2020.
AI has become an integral component of building natural language processing, automated security systems, face detection and automated threat detection systems. With AI, it’s also possible to analyse large amounts of risk data, at a significantly faster pace. This benefits both the larger company dealing with huge amounts of data, and the mid-sized or small company, whose security teams may be under strengthened.
While the advent of AI provides for a lot of opportunities for stronger threat detection in businesses, cybercriminals are also looking to take advantage of this technology to automate their own attacks, using model-stealing and data-poisoning methods.
When it comes to practical applications of AI, there is still a lot of development going on there. We can expect, for the foreseeable future that machine learning and AI will continue to develop and grow in both capabilities and sophistication.
5. Insider Threats
With the increased number of employees working remotely, this has left a lot of organisations around the world, unprepared to monitor the increased number of identity insider threats. As a result of weak passwords, unauthorised remote access, unsecure networks, and the misuse of certain personal devices. We can expect to see a spike for the remainder of the year, and the year to follow.
According to expert reports, we already witnessed insider data breaches increase by almost 10% last year, accounting for almost 33% of all cybersecurity incidents. For this year, we can expect something fairly similar. As cybercriminals have not let up, this trend continues to grow presenting another challenge for cybersecurity conscious organisations and users alike.
Uchenna Ani-Okoye is a former IT Manager who now runs his own computer support website compuchenna