The insider threat is one of the greatest drivers of security risks that organizations face as a malicious insider utilizes credentials to gain access to a given organization’s critical assets.
Steve Durbin, Managing Director of the ISF
For the past eight months, the global COVID-19 pandemic, along with the unprecedented shift to work-from-home for many employees, has altered the way both people and enterprises approach work and conduct business. And while many of these changes are likely to become permanent, issues such as cybersecurity continue to evolve as the threat landscape shifts.
In the rapid shift to work-from-home, many businesses rushed employees out of the office with cybersecurity as an afterthought. As the new, remote routine settled in, businesses began rethinking their strategies, recognizing that the attack surface had changed and that threat actors now had many more ways to infect networks to steal data.
At the same time, threat actors quickly adjusted to the new reality created by COVID-19, such as targeting vulnerable home networks. “The coronavirus pandemic did not revolutionize the threat landscape,” said Kacey Clark, a threat researcher at cybersecurity firm Digital Shadows. “However, it demonstrated that cybercriminals could quickly exploit any period of high uncertainty and public attention for their selfish interests.”
With 2021 fast approaching, cybersecurity experts and analysts note that cybersecurity will continue to evolve even as most of the world enters a post-COVID-19 era, with cybercriminals, threat actors and nation-state hackers ready to take advantage of whatever may happen next. This will keep CISOs, their security teams, as well as their counterparts in IT, trying to catch up and stay ahead.
For those looking ahead at what the next 12 months may bring, and to help better understand how security will change, here are five cybersecurity trends to watch in 2021.
Cybersecurity Threats From the Inside
The more mobile and remote a workforce is, the more likely that an employee may cause an accidental breach by opening up a phishing email or giving away their credentials without thinking. At the same time, workers themselves might see ways to benefit from the wealth of data that they can now access without the same type of supervision.
Even before the pandemic hit, the 2020 Verizon Data Breach Investigations Report, published in May, found that insider threat cases now account for about 30 percent of breaches and other security incidents. That trend is likely to continue into 2021, said Steve Durbin, the managing director of the non-profit Information Security Forum.
“The insider threat is one of the greatest drivers of security risks that organizations face as a malicious insider utilizes credentials to gain access to a given organization’s critical assets,” Durbin told Dice. “Many organizations are challenged to detect internal nefarious acts, often due to limited access controls and the ability to detect unusual activity once someone is already inside their network. The threat from malicious insider activity is an increasing concern, especially for financial institutions, and will continue to be so in 2021.”