Netwrix has revealed five cybersecurity trends for organizations to keep an eye on during 2H20:
The insider threat will become even more pressing.
With many organizations already planning to keep more of their staff working from home, IT teams will have to adapt to a larger remote workforce — which means a lack of control over a greater number of endpoints and network devices. Therefore, organizations need to develop new security strategies based on the zero trust model, including ways to prevent sensitive data from spreading across employee endpoints and cloud collaboration tools.
Security by design and by default will become the norm.
Use of online services — from retailers to social media to productivity tools — has exploded during the pandemic. Unfortunately, many users have little knowledge about cybersecurity threats, which makes them easy targets for online scams. To mitigate risk, organizations should clearly communicate security best practices, but they will also need to build in as many safeguards as possible. According to Netwrix, every organization offering online services will be under increased scrutiny to enable strong security and privacy settings by default, and some will use advanced security options as a differentiator.
Deepfakes will take spoofing to the next level.
Emails impersonating C-level management and voice spoofing will continue, but the extensive use of video conferencing for regular communication will lead to a rise in a newer variant of this attack vector: video spoofing. Netwrix doesn’t expect deepfakes to become widespread soon, but AI and neural networks will make them more probable. To withstand this threat, organizations will have to reshape their approval processes, especially for budget and data access. In addition, IT teams will need to increase the accountability of all employees and prevent illegitimate elevation of privileges.
Attacks will go undetected in a flood of false alarms.
The abrupt change to remote working has caused many security monitoring solutions to generate far more false positives, since they require time to adapt to the new normal. According to Netwrix, a similar spike in false alarms will occur when employees return to the office. Hackers will continue to use these turbulent time to launch attacks, knowing that organizations will be blind to their malicious behavior. IT needs to remain vigilant and find ways to spot and investigate the true threats in all the noise.
Organizations will move beyond passwords.
As people flock to online services, re-use of passwords between services will increase, since users cannot remember dozens of unique passwords and are reluctant to adopt password management tools. To reduce the risk of breaches from compromised credentials, organizations will adopt non-password authentication methods, such as biometric data like fingerprints or eye scans. As the amount of personal data transmitted and stored online increases, organizations will need to implement adaptive risk management programs and have security in mind every time they implement new services and technologies.
Every crisis forces organizations to scrutinize where they are focusing their resources and efforts. While many IT projects can be suspended, a strong cybersecurity strategy remains vital. Automating cybersecurity tasks enables IT professionals to do more with less while reducing human errors and inconsistencies, which helps the organization improve productivity, reduce operational expenditures and refocus the talent of their workers on more critical areas.