IT News: Security (Jan. 4th)

Selections from Volume 273 Issue 5 of the weekly newsletter, “IT News and Events.”

The Worst Hacks Of 2020, A Surreal Pandemic Year

From ransomware schemes to supply chain attacks, this year melded classic hacks with extraordinary circumstances

"WHAT A WAY to kick off a new decade. 2020 showcased all of the digital risks and cybersecurity woes you've come to expect in the modern era, but this year was unique in the ways Covid-19 radically and tragically transformed life around the world. The pandemic also created unprecedented conditions in cyberspace, reshaping networks by pushing people to work from home en masse, creating a scramble to access vaccine research by any means, generating new fodder for criminals to launch extortion attempts and scams, and producing novel opportunities for nation-state espionage.

Here's WIRED's look back at this strange year and the breaches, data exposures, ransomware attacks, state-sponsored campaigns, and digital madness that shaped it. Stay safe out there in 2021..." [Wired, December 28th, 2020]

Security Pros Reflect On 2020

Eight cybersecurity leaders go deep on their most valuable (and very human) takeaways from a year like no other we've known

"What was it like working cybersecurity this year? We know all the obvious answers: The pandemic forced just about everyone to work from home, security teams had to scramble to protect disparate networks and home setups, and cybercriminals made life miserable by taking advantage of the chaos.

But with 2020 a few days shy of being behind us, what are some of the takeaways and relevant experiences security professionals think about on a deeper level? Eight security leaders shared with The Edge what stands out for them the most..." [Dark Reading, December 29th, 2020]

What You Need To Know About Security Challenges In 2021

Businesses must adapt their security practices, so they can take advantage of the benefits of work-from-home models without creating extra risks

"Let's face it, 2020 was a rough year for predictions. But as we near a new year, I'm emboldened to take a stab at what 2021 holds for us in the cyber security world. I see two main drivers: The emergence of 5G and the continued impact COVID-19 is having on businesses. From these drivers, I see many important developments we'll need to watch in the coming months.

5G achieves lift-off, and that changes things

We've all been talking about 5G for years now, but the inclusion of 5G support in the latest Apple iPhones shows that 2021 will be the year that 5G finally lifts off. Gartner forecasted 5G infrastructure spending to top $4.2B in 2020. And while speeds of early networks are not expected to reach 5G's eventual capability, they are impressive nonetheless. Verizon customers are experiencing nearly 800 Mbits/second on average, which represents a roughly 5X improvement over the typical fixed broadband speeds in the US. That means 5G often represents a more viable transport for enterprise networks than traditional fixed broadband..." [Network Computing, December 28th, 2020]

6 Common Types Of Cyber Attacks And How To Prevent Them

To prevail in the battle against cybercrime, companies must understand how they are being attacked. Here are the six most damaging types of cyber attacks and how to prevent them

"Cybercrime is a clear and present risk to governments, businesses and individuals; according to the World Economic Forum Global Risks Report 2020, cyber attacks rank first among global human-caused risks.

The motivation behind cyber attacks has become more varied over the past few years, with disinformation and disruption joining the regular drivers of data theft, extortion and vandalism, and the challenges they present have many security teams on the back foot..." [SearchSecurity, December 31st, 2020]

The 5 Most-Wanted Threatpost Stories Of 2020

A look back at what was hot with readers - offering a snapshot of the security stories that were most top-of-mind for security professionals and consumers throughout the year

"As 2020 draws to a close, it's clear that work-from-home security, ransomware, COVID-19-themed social engineering and attacks by nation-states will go down as defining topics for the cybersecurity world for the year. Threatpost also took a retrospective view on what readers were most interested in during the last 12 months, looking at our top five most-read stories of the year.

Please read on to learn more about what caught readers' attention the most this year, with an eye to summing up some hot trends. Subjects include Microsoft Office 365; major security bugs in Zoom and other platforms; gaming security; the ongoing scourge of Emotet and malware development in general; and concluding with a potpourri of other hot 2020 headlines involving WhatsApp, Fitbit, code-cracking and more..." [threatpost, December 30th, 2020]

10 Benefits Of Running Cybersecurity Exercises

There may be no better way to ascertain your organization's strengths and weaknesses than by running regular security drills

"Keeping information secure is a difficult task, even if you have bountiful resources. With companies like Nintendo, Twitter, Marriott, and Zoom all suffering high-profile data breaches recently, it's clear that no one is safe from cybercriminals. While most organizations understand the need to build defenses and develop policies to reduce the risk and potential impact of a successful cyber attack, many fail to rigorously test those defenses..." [Dark Reading, December 28th, 2020]

A Look Back At The Top 9 Data Breaches Of 2020

A shift towards remote working in the year 2020 expanded the already fragile threat landscape. Invariably, the number of breaches supporting this work culture went up drastically. At the end of this eventful year, let us sit back and look at the top nine data breaches that grabbed headlines and taught us a lesson or two

"At the beginning of the year, people celebrated the turn of the decade and readied themselves to strike off the 'Things-to-Do' from their bucket list. The year looked promising in the first two months, but little did anyone anticipate they would spend the rest of the year confined within their homes and end up extending their list furthermore. The COVID-19 pandemic made 2020 rather bleak.

The forced lockdown saw a greater shift towards remote working and the uptake of technologies that facilitated this framework. Adoption of cloud and collaboration platforms skyrocketed and gave impetus to rapid digital transformation. However, every coin has two sides, and the flip side was worse. The expanded threat landscape made the already fragile cybersecurity aspect of several businesses cave-in, resulting in greater hacks and data breaches. In fact, a recent report from Risk Based Security revealed that 36 billion records were exposed in data breaches in 2020..." [CISOMAG, December 28th, 2020]

What's Next For Ransomware In 2021?

Ransomware response demands a whole-of-business plan before the next attack, according to our roundtable of experts

"Ransomware works. That's the simplest way to explain why incidents of ransomware attacks have sharply increased over the last year - with no end in sight.

The number of ransomware attacks has jumped by 350 percent since 2018, the average ransom payment increased by more than 100 percent this year, downtime is up by 200 percent and the average cost per incident is on the rise, according to a recent report from PurpleSec.

Groups with names such as Ragnar Locker, Ryuk, Egregor, Conti and many others are ruthless, well-funded and willing to target anyone; from COVID-19 vaccine manufacturers, retailers, banks, local governments and schools to get their payday..." [threatpost, December 31st, 2020]

Key Cyber Security Trends To Look Out For In 2021

Greg Day, vice-president and chief security officer, EMEA at Palo Alto Networks, discusses the key cyber security trends that are set to emerge in 2021

"Looking back on a year of unprecedented uncertainty, countless lessons have been learned across the board for everyone, including cyber security leaders and experts. The overnight change in working patterns meant millions of employees suddenly had to work from home, putting huge strain on access to IT systems.

Threat actors weren't resting on their laurels in spotting how these and other changes created vulnerabilities to target and exploit either; we saw a veritable 'gold rush' in cyber threat activity. By the end of March we had already identified more than 40,000 newly registered websites with coronavirus-related names, which we classified as 'high-risk' sites due to the scams and malware being pushed onto unsuspecting consumers..." [Information Age, December 31st, 2020]

2020 Work-For-Home Shift: What We Learned

Threatpost explores 5 big takeaways from 2020 - and what they mean for 2021

"Goodbye, 2020 - and good riddance, right? Most of us don't want to take too much from this year into the next - but let's make an exception for what we learned about security in the wake of the COVID-19 pandemic. In 2021 after all, more enterprises will permanently downsize their physical spaces and give employees the flexibility to continue working from home.

In an effort to have a safer 2021, Threatpost takes a look at the top five biggest takeaways of the remote-work shift for security teams going forward..." [threatpost, December 29th, 2020]

Ransomware In 2020: A Banner Year For Extortion

From attacks on the UVM Health Network that delayed chemotherapy appointments, to ones on public schools that delayed students going back to the classroom, ransomware gangs disrupted organizations to inordinate levels in 2020

"Remote learning platforms shut down. Hospital chemotherapy appointments cancelled. Ransomware attacks in 2020 dominated as a top threat vector this past year. Couple that with the COVID-19 pandemic, putting strains on the healthcare sector, and we witnessed ransomware exact a particularly cruel human toll as well. Attacks had an impact on nearly all sectors of the global economy - costing business $20 billion collectively and creating major cybersecurity headaches for others.

Below are the most impactful ransomware stories of 2020..." [threatpost, December 28th, 2020]

Cybersecurity Challenges In 2021 And How To Address Them

Security teams faced unprecedented challenges in 2020. The year ahead appears no less daunting. Here are the cybersecurity trends -- and safeguards -- to take into account in 2021

"Back at the beginning of 2020, the five-year outlook for cybersecurity already looked incredibly challenging. The need to ensure the safe implementation of ambitious and wide-ranging digital transformation agendas was running into a skills shortage amid a rise in ransomware as a service and a growth in state-sponsored cybercrime.

And then along came a global pandemic that forced security teams around the world to mutate their information systems at a scale and pace not envisioned by even the most ambitious of digital transformation strategies. For many organizations, the need to shift computer-based work from the office to the homes of employees triggered the rapid installation of new or expanded remote access facilities. Online engagement and transaction capabilities also had to be stood up or beefed up across all sectors of business and government..." [SearchSecurity, December 30th, 2020]

Insider Threat vs. Insider Risk: What's The Difference?

Identifying, managing and mitigating insider threats is far different than protecting against insider risks. Read up on the difference and types of internal risks here

"Insider threat, a long-used term in the infosec industry, is one Joe Payne is ready to retire. Its replacement? Insider risk.

Payne's reasoning is that much 'malicious' insider activity -- such as deleting, copying or uploading files to collaboration apps or cloud storage platforms -- is not a threat, per se, but a consequence of the collaboration culture spreading in today's enterprises.

But that doesn't mean risky behavior can be ignored..." [SearchSecurity, December 30th, 2020]

Editor's Picks: Top Cybersecurity Articles Of 2020

As the year no one could have predicted comes to a close, SearchSecurity takes a 30,000-foot view of the cybersecurity trends and challenges that defined the last 12 months

"Many 2020 cybersecurity predictions were thrown out of orbit when coronavirus cases emerged and COVID-19 was declared a global pandemic by the World Health Organization in March. This year, security teams faced an uphill battle to provide remote access to enterprise networks while simultaneously protecting sensitive data from emerging, pandemic-related cyber attacks in an already volatile threat landscape.

As the year wraps up, some people experiencing "2020 fatigue" may jump at the chance to embrace a new year and never look back. But there are lessons to be learned from the challenges we survived in the last 12 months, whether expected or not..." [SearchSecurity, December 29th, 2020]

Four Ways To Improve The Relationship Between Security And IT

Corporate security and IT departments and the people who lead them often have complicated relationships. But does it really have to be that way?

"It's a critical question as digital business accelerates in every industry and market, its rise only magnified by the COVID-19 pandemic. Never has it been more important for the CIO, CISO and other digital technology leaders to work in lockstep as they shape their organizations' future.

For too long in too many organizations, IT and security have viewed themselves as two different disciplines with fundamentally different missions that have been forced to work together..." [HelpNet Security, December 31st, 2020]
