The massive and hasty transition to a huge global-scale remote workforce earlier this year has put an even bigger buzz on the topic of cybersecurity. While some governments and regulatory bodies such as the GDPR and EU’s Cybersecurity Act have already put more stringent measures in place to allow citizens to manage their digital footprint and alert member nations to potential bad actors and threats, staying ahead of cybersecurity threats is a difficult task. One thing is for sure and that is cybersecurity will dominate security concerns in coming years and most likely for the foreseeable future. Below are just a few of the biggest concerns that are facing leading cybersecurity professionals today.
There has been plenty of controversy regarding 5G networks and while phone carriers are singing praise, others are not so sure. Paul Lipman, the CEO of BullGuard, a leading internet security company, recently shared his concerns regarding 5G technology. “5G is set to be the most sweeping communication revolution we have ever experienced and will usher in an area of innovative new consumer services. Because 5G is a switch to mostly all-software networks, and upgrades will be like the current periodic upgrades to your smartphone, the cyber vulnerabilities of software poses potentially enormous security risks.”
There is also a trade war currently going on between Huawei, the leading manufacturer of 5G carrier equipment, and the United States over concerns that 5G equipment will allow foreign governments to spy on citizens.
Other professionals are predicting that 5G technology will create a minefield for security professionals as the number of connected devices sending and receiving will soar.
Josh Lemos, VP of Research and Intelligence for BlackBerry Cylance, stated “As cities, towns and government agencies continue to overhaul their networks, sophisticated attackers will begin to tap into software vulnerabilities as expansion of bandwidth that 5G requires creates a larger attack surface. Governments and enterprises will need to retool their network, device, and application security, and we will see many lean towards a zero-trust approach for identity and authorization on a 5G network.”
Cybersecurity professionals also believe that the US election this fall may cause an increase in hacking and cyberattacks. The 2016 election publicly revealed foreign disinformation campaigns designed to disrupt the election process. Social media was a huge catalyst for amplifying misleading and false information – which is still a problem today.
French Caldwell of The Analyst Syndicate says the actual act of voting could be at risk. “Hackers with ties to Russia did gain access to voter databases in some counties, but they did not alter voter data. The evidence of vulnerability of voter databases could tempt foreign actors to go even further in 2020 – not only gaining access, but perhaps locking down voter databases with ransomware. Ransomware attacks in the days just prior to the election would prevent the distribution of voter lists at polling places. Without the voter lists, election judges would not be able to verify registered voters, meaning thousands and maybe millions of people in affected localities would have to use provisional ballots or, if the ballots run out, may even not be able to vote at all.”
Chairman of BugCrowd, Casey Ellis, says “much of the voter narrative on election security focuses on the cybersecurity elements,” which he predicts will make agencies more accountable. “The good news is, we’re already seeing a move in the right direction with the call for vulnerability disclosure programs across agencies, which would allow whitehat hackers to help surface flaws in election websites and applications in lead up to and through the elections.” In other words, we should expect hacking and we should also expect accountability.
Although they have been around for a while, phishing emails are not going anywhere anytime soon. The Director of Cybersecurity at Uptake, Matt Jakubowski said “phishing is still one of the number one ways an attacker will get into a network or infect users.” and advised that hackers will continue to exploit avenues like email because organizations need to allow email access.
“While there are threats that you can completely mitigate by disabling a service or whitelisting/blacklisting, phishing is not one of those as you have to allow access to email,” says Christopher Hass, Director of Information Security and Research at Automox. “It is also much easier to craft a good-looking phishing email than it is to discover and weaponize a zero-day.”
PJ Kimer, the founder of Illumio further explains that people around a main target can also be at risk. “Whether it’s the child of an executive, an executive assistant, or even someone with administrative privileges, it only takes one wrong click for them to implant malware on their parent’s phone, opening up the back door for a bad actor to get into the company network.”
While there is no magic or foolproof method against cyberthreats, being prepared, and having the right team of pro-active experts at your organization’s side is the best key to being protected. Threats can damage so much more than just data; they can completely destroy the functionality and reputation of an organization. To learn how MBC can address threats head-on with our cutting edge cybersecurity protection services, get a free assessment today