Looking Back on 2020 Through a Cybersecurity Lens

By Shane Carley

There is never a dull moment in the cybersecurity industry. Cybercriminals are nothing if not creative, and staying one step ahead of them requires being innovative, agile and ready for anything. Maybe that’s why our clients in the cybersecurity field seemed more dedicated than ever when faced with the unprecedented challenges 2020 has thrown our way. In the face of a massive migration to remote work, the emergence of new attack vectors and the continued rise of notoriously difficult-to-stop ransomware attacks, they reminded us of one thing: facing down threats is what they do. 

As the year winds to a close, it’s worth looking back on some of 2020’s biggest cybersecurity trends. What were the big stories? What topics had the industry buzzing? Taking stock of where we’ve been this year is a worthwhile exercise, and it can also tell us a thing or two about where we’re going. 

The Shift to Remote Work Presents New Security Challenges

When COVID-19 first reached American shores and states began issuing lockdown orders, the shift to remote work was swift. Gallup polling indicates that more than 50% of U.S. workers were fully remote during the month of April, and while that number fell to 33% by September, the rate of remote work remains considerably higher than pre-pandemic levels. 

This rapid shift to remote work posed significant challenges for IT departments, which were now tasked with enabling employees to securely access company data from wherever they might be. A study conducted by Sectigo indicated that nearly 40% of businesses delayed revenue-generating initiatives in order to prioritize remote work setups, and securing those remote access pathways has been an ongoing project for many.

Critical Infrastructure Remains at Risk

Election security was a major concern in 2020, but the presidential election ultimately went off without a hitch — at least from a cybersecurity perspective. But election infrastructure isn’t the only area where the U.S. has dangerous vulnerabilities. Researchers this year discovered that infrastructure security throughout the country is lacking, with industrial control systems, oil wells, water treatment and distribution systems, and more proving vulnerable to attack. Shoring up America’s infrastructure will continue to be a hot topic moving forward.

Ransomware Is on the Upswing

Not so long ago, most ransomware attacks were “smash and grab” operations, where an attacker would steal or encrypt any data they could get their hands on, then demand payment. Today’s ransomware attackers are more deliberate, pioneering a “Ransomware 2.0” approach that involves conducting reconnaissance within the network to identify the most valuable data before acting. As a result, attackers are getting their hands on higher-value data and increasing their average payout.

Unfortunately, this has led a growing number of attackers to turn to ransomware. A recent Veritas study highlighted that many businesses’ IT complexity is outpacing their security capabilities, leaving them dangerously vulnerable to such attacks. Stopping these new ransomware attacks requires a shift in thinking and a focus on in-network detection capabilities rather than perimeter defenses. As ransomware continues to skyrocket, the adoption of new in-network defense technologies is a trend that is likely to continue.

Social Engineering Attacks Are Here to Stay

Social engineering attacks target the weakest link in the cybersecurity chain: the users. Spear phishing and business email compromise (BEC) attacks fall under this umbrella, and are usually carried out by attackers impersonating a person of authority within a company to fool an employee into turning over valuable data or even directly transmitting money. These attacks circumvent typical perimeter defenses by tricking users into giving attackers what they need.

These attacks were already on the rise, and unfortunately the COVID-19 pandemic has given cybercriminals a new angle to work with. Widespread remote work has made it harder for employees to verify the authenticity of emails firsthand. Tools capable of verifying the authenticity of an email are on the rise, but human error remains a concern.

Quantum Computing Is Coming

It isn’t here yet, but quantum computing is closer than ever — and that means that traditional encryption algorithms will soon be obsolete. Fortunately, this doesn’t come as a surprise to the security industry, and quantum-safe replacement algorithms are actively in development. The National Institute of Standards and Technology (NIST) has been working hard to identify these new algorithms, and expects to have a selection of standard algorithms by 2022. Although that date is still two years away, IT teams are beginning to put plans in place to migrate over to these new algorithms when it becomes necessary.

As we leave 2020 behind, we consider ourselves fortunate to work with so many great clients in the cybersecurity industry. We also appreciated the opportunity to engage with and learn from some terrific thought leaders, including those featured in our CyberSide Chat video series. The COVID-19 pandemic has presented us all with new obstacles to overcome, but our cybersecurity partners are always looking ahead to anticipate the next set of challenges. We look forward to learning more from them in the new year as we see what 2021 has in store!