December 22, 2020 By Mark Stone 5 min read

This year has seen major changes in cybersecurity trends. At times, 2020 seems to have come and gone in a flash. For many, it has dragged on for what seems to be years and years. Data breaches, new threats to education, the new normal of working from home (WFH), new malware styles and pandemic-related attacks are all cybersecurity threats specifically created or accelerated by COVID-19 and 2020’s other big news events. They are all part of a permanent and dramatic shift in society. 

The way we do business will never be the same. The psychology and culture of the enterprise have changed to reflect the impacts of society. The industry must adapt to this new normal, too. 

New Cybersecurity Trends Stem From How People Work

When the pandemic began impacting people and businesses in the spring of 2020, the business world was forced into a rapid digital transformation. While the technology was ready, not all employees were. For the first time in many of our lives, we faced the very real threats of not having an income, fearing for our lives or being isolated and unable to go out. 

Even for those whose employment wasn’t affected, the shift was massive. Suddenly, we went from going into the office and connecting with people to feeling disconnected at home. For cybersecurity teams, who were already overloaded before the world changed, the battle will only become more formidable. 

Tyler Cohen Wood, cybersecurity expert and former senior intelligence officer with the Defense Intelligence Agency, has been consulting (virtually) with employees and C-suite executives. She says the top priority for enterprise is to manage threats that have grown due to work-from-home measures. 

“As a society, we went from being 90% reliant on technology to about 99.9%,” Wood says. “The whole world had to shift to this new method of working very quickly, and it took a while to get some of the kinks out.” 

Almost immediately, companies began seeing specific COVID-themed spam and attacks. As we all know, social engineering succeeds because it relies on fear and on creating the feeling that something must be done right away. Suddenly, people were working from home while their kids were also at home learning online. 

How Long Will WFH Last? 

More and more companies are adopting a hybrid or fully remote work structure. So, it appears that these same cybersecurity trends will be with us well into 2021.

Still, whenever the pandemic is fully under control, how do we know that the work-from-home model won’t prevail? After all, as a society, we are getting used to this new normal. 

Many business leaders Wood has spoken to are enjoying not having schedules full of flights, business trips and in-person meetings that may have been less productive than they realized.

“Generally, employees are being very efficient, and companies are effective,” Wood says. “So instead of going into the office and spending four hours out of your day in meetings and chatting, people are actually doing work.”

WFH Threats

While these efficiencies are tangible from a business standpoint, it’s not ideal for cybersecurity — moreso with so many threats in the home.

According to Wood, the myriad of connected devices we bring into our homes represent a noteworthy risk for the enterprise. Smart assistants, such as Alexa or Google Home, notwithstanding, there are other, less tangible threats we need to be plugged into as the work-from-home movement continues.

When we’re all at home, she suggests, kids’ gaming, smart home devices, work computers and home computers often reside on the same home network. While this may appear inconsequential, it’s a major talking point for Wood looking ahead to the next year or two. 

“If you don’t put your work and home data on their own separate networks, then any of those endpoints or IoT devices could be attacked and used as a hopping point to get into the corporate network,” Wood says.  

The severity is underscored by the fact that cybersecurity is not the top priority for many companies. After all, their main focus is to generate income because they’re afraid of going out of business.

Cybersecurity Trends in the New Normal 

In order to keep up with today’s devices, Wood proposes that the cybersecurity model must be changed. 

Wood’s experience with numerous intrusion cases for both NASA and the Department of Defense prompts her to advise a more collaborative model where companies are working together — maybe not speaking about tradecraft or IP, but perhaps even building a big signature database. 

She recalls an incident at NASA in which she saw similar IP addresses, tools and payloads from a similar attack at DoD.

“I saved months by just searching for those similar variables,” she says. “So, if we could do that on a wider scale, it’s something I think could work. I really believe the only way we can win this fight is together.”

How can this be accomplished? Wood proposes full-scale teamwork. Bring together businesses of all sizes, law enforcement, cybersecurity experts and the industry at large to work together on what everybody is seeing in the wild and what to do about it. From there, techniques can be built out with AI so all parties can leverage the data. 

Until then, managed cybersecurity services should be given serious consideration —even for smaller companies. Some managed security service providers may not be a fit for your company normally, but they’ll take work-from-home into account and protect your threat surface. 

Keeping Up With Cybersecurity Trends at Every Level 

No matter how many tools or the level of third-party assistance a company has at its disposal, cybersecurity won’t catch up to technology without bringing the focus back to people. For us to succeed in 2021 and beyond, Wood insists that cybersecurity awareness must transcend the company and touch upon every level: personal, family, national and global. 

“People are more invested in cybersecurity if they understand that it is actually protecting themselves or their family,” she says. “There are incredible cybersecurity awareness tools and programs out there. But unless it’s presented in a way that makes people think, ‘Oh wow, I get it, by clicking on this link I can put my family in danger,’ it won’t resonate.”

Moreover, Wood notes, people must abandon the mindset that they don’t have anything to hide or anything to lose. We’re holding so much data in our pocket. Our smartphone may be the most dangerous thing to lose. Think about it: would you rather lose your phone or your wallet? 

Knowing What You Use is Key

For Wood, even spending 30 minutes going through all the apps on your phone and seeing what each has access to can vastly improve the average person’s cybersecurity knowledge. In turn, this helps them understand their employer’s cybersecurity posture. For an even greater impact, share these lessons with your children. 

We’ll never close the skills gap — which will be critical in addressing future challenges — if children aren’t taught about cybersecurity trends in schools and at home. 

“I never thought that something like a pandemic would happen in our lifetime,” Wood says, “and that it would actually be technology that saved us and allowed us to continue working and communicating. There’s so much more opportunity for innovation now than ever before.”

That combination of innovation and education will be crucial for cybersecurity as we look ahead. 

In the meantime, to improve security for your work-from-home environment today, here are some great tips

More from CISO

X-Force Threat Intelligence Index 2024 reveals stolen credentials as top risk, with AI attacks on the horizon

4 min read - Every year, IBM X-Force analysts assess the data collected across all our security disciplines to create the IBM X-Force Threat Intelligence Index, our annual report that plots changes in the cyber threat landscape to reveal trends and help clients proactively put security measures in place. Among the many noteworthy findings in the 2024 edition of the X-Force report, three major trends stand out that we’re advising security professionals and CISOs to observe: A sharp increase in abuse of valid accounts…

Boardroom cyber expertise comes under scrutiny

3 min read - Why are companies concerned about cybersecurity? Some of the main drivers are data protection, compliance, risk management and ensuring business continuity. None of these are minor issues. Then why do board members frequently keep their distance when it comes to cyber concerns?A report released last year showed that just 5% of CISOs reported directly to the CEO. This was actually down from 8% in 2022 and 11% in 2021. But even if board members don’t want to get too close…

The CISO’s guide to accelerating quantum-safe readiness

3 min read - Quantum computing presents both opportunities and challenges for the modern enterprise. While quantum computers are expected to help solve some of the world’s most complex problems, they also pose a risk to traditional cryptographic systems, particularly public-key encryption. To ensure their organization’s data remains secure now and in the future, chief information security officers (CISOs) should educate themselves about quantum computing, proactively address the coming quantum risks to cybersecurity and work to establish cryptographic agility in their enterprise.A future cryptographically…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today