On securing the ‘next normal’
In 2021, COVID-19 will still be impacting our lives, businesses and societies, and those impacts will change as the year progresses. So we need to be ready not for a permanent ‘new normal,’ but instead for a series of ‘next normals’ as we respond to those changes. Following the rush to remote and flexible working, organisations need to better secure their new distributed networks and cloud deployments to keep their applications and data protected. This means enforcing and automating threat prevention at all points of the network – from employees’ mobiles and endpoints, to IoT devices, to clouds – to stop advanced attacks spreading rapidly across organisations, and exploiting weaknesses to breach sensitive data. Automating prevention will be critical, as 78% of organisations say they have a cyber-skills shortage and 76% are struggling to recruit new cyber-security talent.
No cure for COVID – related exploits
As COVID-19 will continue to dominate headlines, news of vaccine developments or new national restrictions will continue to be used in phishing campaigns, as they have been through 2020. The pharmaceutical companies developing vaccines will also continue to be targeted by malicious attacks from criminals or nation-states looking to exploit the situation.
Privacy? What privacy?
For many people, their mobile devices are already giving away much more personal information than they realise, thanks to apps demanding broad access to peoples’ contacts, messages and more. This problem has been magnified with buggy COVID-19 contact-tracing apps, which have been rush-released with privacy problems, leaking data about individuals. And that’s just legitimate apps causing problems: mobile malware targeting users’ banking credentials and committing click-fraud on adverts is still a significant and growing threat.
5G benefits and challenges
The totally connected, high-speed world promised by 5G also gives criminals and hackers opportunities to launch attacks and cause disruption by targeting that connectivity. E-health devices will collect data about users’ wellbeing, connected car services will monitor users’ movements, and smart city applications will collect information about how users live their lives. This massive volume of data from always-on, 5G devices will need to be protected against breaches, theft and tampering to ensure privacy and security against attacks, especially as a lot of this data will bypass corporate networks and their security controls.
Internet of Threats
As 5G networks roll out in APAC in the next couple of years, the numbers of connected IoT devices will massively expand – drastically increasing networks’ vulnerability to large scale, multi-vector cyber-attacks. IoT devices and their connections to networks and clouds, are still a weak link in security: it’s hard to get complete visibility of devices, and they have complex security requirements. We need a more holistic approach to IoT security, with a combination of traditional and new controls to protect these ever-growing networks across all industry and business sectors.
Sharat Sinha, Vice President/GM, APAC, at Check Point Software Technologies