For all of us the idea that we close 2020 and start 2021 afresh is appealing. But it will not happen. The impact of Covid-19 will reach into the New Year, even as we pin our hopes on a vaccine. And in the cybersecurity world, we are now preparing for an onslaught of new and inventive attacks that prey on these hopes and bring further challenges for individuals and for companies.
It seems likely that we will see a rise in malicious activities by as much as 40 per cent next year and we anticipate that smaller enterprises will be the main victim. Previously they’ve often fallen under the attack radar, but if they’re not using adequate security, the chances of escaping a breach are reducing every day.
There are good reasons for this:
- As working-from-home continues, employees will add private devices onto the corporate network, and leave corporate devices unattended at home.
- The onslaught of ransomware and phishing attempts will increase, and it takes just one click of an attachment to take an unwitting user on to a malicious website.
- Other family members will be targeted, particularly children who will be encouraged to send infected emails to a parent’s corporate computer.
- The dispersed workforce also means that sensitive data now has a much broader geographic footprint. This not only introduces new vulnerabilities, but also means that organisations have less control over the devices that people are using for work.
To combat the increasingly sophisticated level of threats, we are likely to see current regulations being extended into remote locations and homes to enforce protection mechanisms. This is not a bad thing, but the fundamental issues of protection can be addressed now.
Given the continuation of remote working, endpoint devices are set to be the biggest area of vulnerability as we move into 2021, and the biggest attack vectors for endpoints are keylogging and screen-grabbing malware through which sensitive data can most easily be snatched.
No one should be fooled into thinking that anti-virus and two-factor authentication will help them withstand this type of attack. If a keylogger is installed on a remote endpoint laptop which has a lower security posture than it would within the secure corporate perimeter, an attacker gets full access as the user logs-in and to everything the user enters at the keyboard or displays in a local application.
As we have discussed many times before, data entry on unmanaged devices must be protected, particularly on devices that work with remote access apps like Citrix, VMWare, WVD, web browsers and Microsoft Office applications. Browsers that access the corporate network should also be locked down. Enterprises can find out more about how to protect themselves here: https://www.sentrybay.com/solutions/enterprise-software
But on a positive note…
We finish 2020 with a smile. We have added senior appointments at SentryBay in this last quarter and they are already having a positive impact on our sales and product development. We expect to expand further in the New Year and to announce new financial sector wins in Europe to our ever-growing portfolio of enterprise customers. We know that combatting malicious cyber activity is essential and we are working hard to devise new solutions that introduce even higher levels of protection, so watch this space.
We would like to wish all of our customers, partners and suppliers all the best for the festive season and our hopes for a prosperous, and safe, New Year.