The COVID-19 pandemic shocked the world and changed how businesses operate overnight, both internally and in their interactions with customers. The event forced major changes that weren’t expected to occur for five to ten years, accelerating digital initiatives worldwide at a pace fast enough to unexpectedly break things.
As more organizations implemented collaboration tools and moved their infrastructures, networks, and applications away from on-premises environments and into the cloud, everything became more accessible to users, and in many cases, attackers. Hackers will continue to take advantage of our work environments and the trends advancing them in 2021, but some targets stick out more than others.
As we look ahead to 2021 and to defending against an ever-evolving variety of exploits and attacks, it’s important to consider the cybersecurity attack vectors that will be most prevalent in the upcoming year.
Even with COVID-19 vaccines on the way, attackers will continue to try to steal and exploit resources from vaccine research centers. As hospitals and medical centers will be offering the vaccine, they also continue to be a favorite target of cybercriminals. From the theft of intellectual property and ransomware attacks to common phishing attacks, healthcare will be a premium target in 2021.
Hackers will capitalize on the COVID-19 pandemic to trick or scare people into providing access to their data, and therefore their organizations’ networks and resources as well. Over the past year, hackers have increased their rate of attacks significantly, disguising themselves over email as health authorities and luring people into clicking malicious links.
Worse still, despite the many deaths since COVID-19 first emerged, cyberattackers are not afraid to endanger patients in need of emergency medical treatment. In early September, attackers exploited a hospital in Germany that was forced to shut down essential equipment. This resulted in what many people are saying is the first death by cyberattack. The tragic event proves hackers have no boundaries for who and what they will target, and it highlights that ransomware is quickly becoming more dangerous to people and critical resources.
I expect that hospitals and COVID-19 vaccine research centers will continue to be top targets for hackers in 2021 — at least until they’re no longer able to exploit the pandemic psychologically. It’s unclear if attacks on the healthcare industry will become commonplace, but with every new attack, it matters less and less. A solution for healthcare data and system defense will no doubt be a priority for companies in the security sector in the coming years.
In 2020, remote access became the biggest workplace trend. Now with millions of people still working from home, VPN usage is at an all-time high. While VPNs allow organizations to provide remote access, cybercriminals have also caught on. Hackers are on alert and have devised new ways to exploit users and their organizations through virtual networks.
In 2021, we will continue to see a boom in attacks on VPNs, as legacy iterations and products are now more easily breached. While hackers love the challenge and reward of exploiting new technologies, VPNs in many cases offer a familiar way to subvert common cyber precautions. Too often, VPN vendors are guilty of neglecting to patch vulnerabilities within their technology. Data-sensitive industries such as financial services, government, and healthcare are common users of VPNs and without patching discipline, they’re providing an open door for attackers to gain entrance to the networks.
Over the past months, we have also seen rising VPN exploits due to stolen credentials and another dangerous reality: misconfigured clients. These are difficult to detect but are common pitfalls — especially as companies’ clouds become more complex and span more resources. This isn’t new: Over the years, hackers have been exploiting VPNs as the cloud becomes ubiquitous, but now with everyone working remotely these issues touch millions of users and their data in one go.
To defend against these attacks and bring the most vulnerable attack vectors out of hackers’ reach, companies will need more sophisticated network access management. All it takes for hackers to exploit an entire organization is to find the employee with the most access and the least security hygiene. More organizations are waking up to this reality and adopting VPN alternatives, like Zero Trust Network Access, which go beyond one-size-fits all access rules and provide greater network segmentation. This shift will only accelerate in 2021.
Remote work has made it easier for hackers to gain access and move laterally within an organization's local and cloud resources as well. Accordingly, the importance of vulnerability tracking in the VPN or remote access environment cannot be overstated when heading into 2021. Organizations that solely rely on VPNs for remote corporate network access, rather than more holistic services that include a SIEM alerting tool or cloud firewall, are opening themselves up to a potential VPN-enabled breach.
2020 was a difficult and challenging year for cybersecurity from many different perspectives, and in 2021 we will experience an uptick in evolving threats. But with modern, remote-ready security solutions and technologies in place, the world will become more secure one step at a time.