16 December 2020

2020: The Year the COVID-19 Crisis Brought a Cyber Pandemic

BY DAN LOHRMANN

Ask almost anyone what the top global story was for 2020, and they will likely start with the COVID-19 pandemic. But there is much more to this story. 

2020 will also be remembered as the year that security events exploded and cyberincidents transformed society in numerous ways. Consider this small sample of headline stories:

The magnitude (breadth, depth and height) of this overall set of online trends has revealed many positive benefits. For example, numerous people are enjoying the quality-of-life benefits of the move to working from home.


Going further, some experts argue that technology has been a silver lining during this pandemic, since so many communication, business and personal interactions moved online without significant outages or business impacts for 80 percent of the economy (excluding travel, hotels, restaurants, etc.). In a sense, cyberspace has stepped up to the challenges brought by COVID-19 in ways that did not (and could not) happen during the last major pandemic in 1918. 

But the negative cybersecurity impacts of these online changes have led many experts to summarize the combined events this year as a growing “cyber pandemic.” In this year-end perspective, global people, process and technology changes in moving to digital transactions from home have been a type of “Trojan horse” for cybercriminals and nation state bad actors. 

I jumped on this bandwagon as an early voice using this new term. For example, in early June I asked: “Is a Cyber Pandemic Coming?” This was right after the CEO of Check Point told a four-day online summit organized by the Israeli-American Council and the Peres Center for Peace and Innovation that “we need to prepare for the coming cyber pandemic.”

Here is an excerpt from the last CNBC article: "The UAE has seen an 'at least 250% increase' in cyberattacks this year, Al Kuwaiti said, as the pandemic forced organizations around the world to reconsider how and where they work and hackers and malicious actors took advantage of increased digital adoption.

"'There is a cyber pandemic, not only a biological pandemic,' he said.

"Al Kuwaiti also said that the United Arab Emirates was the target of 'huge attacks' from 'activists' against the UAE after it established formal ties with Israel in August."

What Are the Results of a Cyber Pandemic?

Defining a cyber pandemic is a bit like defining a “perfect storm” — only this storm is in cyberspace. There are many moving parts, which include an “all of the above” list of threats and cyberattacks listed in items No. 2-5 below. From ransomware to data breaches and from election security to unemployment fraud, COVID-19 has in many ways unleashed a new set of challenges and/or accelerated existing challenges within global enterprises.

What is clear is that technology and security pros struggled in 2020 to respond as quickly to the changing environment as did the bad actors, who took advantage of unprecedented shifts in people, processes and technology within governments and worldwide companies. 

One specific example comes from the World Health Organization (WHO), which reported a fivefold increase in cyberattacks in late April 2020. Here’s an excerpt:

"Since the start of the COVID-19 pandemic, WHO has seen a dramatic increase in the number of cyber attacks directed at its staff, and email scams targeting the public at large. 

"This week, some 450 active WHO email addresses and passwords were leaked online along with thousands belonging to others working on the novel coronavirus response. 

"The leaked credentials did not put WHO systems at risk because the data was not recent. However, the attack did impact an older extranet system, used by current and retired staff as well as partners. 

"WHO is now migrating affected systems to a more secure authentication system."

Meanwhile, Wired magazine offered another trend during the pandemic, namely that "Internet Freedom Has Taken a Hit During the COVID-19 Pandemic." Here’s an excerpt from the piece: "From surveillance to arrests, governments are using the novel coronavirus as cover for a crackdown on digital liberty.

"Almost 40 million people around the world have contracted COVID-19, and more than 1 million have died from the virus. The devastation has rippled even further, thanks to a global recession and rising political unrest. And as all of this unfolds, new research indicates that the governments around the world have exploited the pandemic to expand their domestic surveillance capabilities and curtail internet freedom and speech.

"The human and digital rights watchdog Freedom House today published its annual Freedom on the Net report, which tracks the ebb and flow of censorship laws, net neutrality protections, internet shutdowns, and more around the world. This year's report, which covers the period from June 2019 through May 2020, encompasses not only the Covid-19 pandemic but also the trade war between the US and China, which has resulted in a dramatic acceleration of the cyber sovereignty movement. Combined with numerous other geopolitical clashes that have impacted digital rights, global internet freedom has been broadly curtailed in 2020."

One expert put it this way: "We’re sleepwalking into a world where our most sensitive personal and biometric data will soon be at the mercy of private companies, security agencies, and even cybercriminals."

Changing Cyber Ahead?

We will cover 2021 security industry predictions next week, but it is worth a quick mention that McKinsey believes cybersecurity technology and service providers are shifting priorities to support current needs: business continuity, remote work, and planning for transition to the next normal, after the pandemic:

"Few corporate functions shifted priorities so much and so quickly when the COVID-19 crisis struck as corporate cybersecurity operations and the technology providers that support them did. As legions of employees suddenly found themselves in a work-from-home model, chief information-security officers (CISOs) adjusted, pivoting from working on routine tasks and toward long-term goals to establishing secure connections for newly minted remote workforces. CISOs also took steps to prevent new network threats that target remote workers and to bolster business-facing operations and e-commerce after a surge in online shopping during pandemic lockdowns.

"The response to the crisis continues to press department budgets and limit resources for other, less essential functions—a situation that we believe will direct spending in fiscal year 2021, which many departments are beginning to plan for. According to new McKinsey research, overall spending should taper off from the sector’s recent rapid growth in industries that were hit hard by the COVID-19 crisis while holding steady in industries that have not been as affected.

"The challenges that cybersecurity organizations face have spilled over to technology providers. Those companies have done their own pivots to keep up with customers’ shifting needs and to institute new ways of doing business. To succeed in the post-COVID-19 era, technology providers must rethink their strategies and offerings to accommodate a new security landscape. And they must continue to monitor customers’ needs and adjust sales, service, and training accordingly."

Other Top Cyberissues In 2020

2) Election Security: Unlike the topic of a cyber pandemic and issues associated with COVID-19, almost everyone predicted a ton of attention on the U.S. presidential elections in 2020, and the experts were correct on this one.

There are thousands of stories on "How election security has become a top issue," and there are numerous perspectives and related content that vary from CISA Director Chris Krebs getting fired to foreign influence (or not) in elections to new rules on voting because of COVID-19.

At the time of this publication, President Trump has not conceded the election, and there are still claims of fraud and more. One thing is certain: we will be talking about election security and more changes throughout the next decade.

3) More Ransomware Emergencies: The top cyber story from 2019 was how ransomware targeted state and local governments.

In 2020, the surge in ransomware attacks continued with hospitals, schools and more being hit hard — with bigger ransoms being paid.

The ransomware surge trends do not bode well for organizations in 2021 and beyond, with soaring costs and bolder plans from the bad actors. Read or listen to this interview to see why.

4) Data Breaches: The dramatic breach by nation state hackers, announced this week by U.S. cyberfirm FireEye, has capped another headline-grabbing year of significant cybersecurity incidents. The Wall Street Journal reported that “the cybersecurity company said the attack compromised its software tools used to test the defenses of its thousands of customers.”

As in previous years, significant data breaches continued, almost nonstop, throughout the year. For example, another data breach announced this week came when criminals accessed vaccine documents in a cyberattack on the European Medicines Agency (EMA). Papers relating to the Pfizer/BioNTech vaccine were reportedly targeted in the cyberattack. Similar cyberattacks leading to data breaches occurred throughout the year, but these received less attention due to the pandemic and other headline news, such as election security.

The final numbers are not in yet for 2020, but the number of data records exposed has risen again. According to Risk Based Security:
There were 2,953 publicly reported breaches in the first three quarters of 2020, a 51% decrease compared to the same time period last year.
2020 was already the “worst year on record” by the end of Q2 in terms of the total number of records exposed. The three months of Q3 added an additional 8.3 billion records to the count, bringing the number of records exposed through the end of September to a staggering 36 billion.
Two breaches in Q3 exposed over 1 billion records each and four breaches exposed over 100 million records. Together these six breaches accounted for approximately 8 billion exposed records, or 22.3% of the records exposed through the end of Q3.
Malicious actors continue to be the driving force behind the number of breaches occurring, while misconfigured databases and services remain the leading cause behind the number of records exposed.
In the first three quarters of 2020, 21% of reported breaches involved the use of ransomware. These ransomware-related events contributed to the unusually high number of unknown (11.2%) and miscellaneous (10.4%) data types exposed.
Following well established trends, the Healthcare sector had the most reported breaches, accounting for 11.5% of the events that could be attributed to a specific economic sector.

5) Dominance of Cloud Computing Grows in Global Enterprises, With Huge Security Implications: Another accelerating trend during the pandemic was the growth of public- and private-sector organizations moving to cloud computing. These moves included everything from infrastructure to applications to full outsourcing using cloud providers ranging from Google to Amazon to Microsoft and even many smaller cloud providers.

Why is this item on a 2020 cyber roundup? As SC Magazine points out in this piece, "As companies scramble to the cloud, security takes center stage."

"Cloud security may seem a well-worn topic. But as the technology and the use cases evolve, so do the considerations for securing networks and data. We transitioned as a community from skeptical, figuring that no virtual environment could be as secure as one confined to the four walls of a data center, to apprehensive – dipping in our toes with lower risk workloads like storage and email. And now most every business, from small to large, relies at least in part on cloud to support the IT infrastructure. 

"But interestingly, the very tactics that contribute to both agility and security within the cloud – hybrid and multi-cloud models – can introduce vulnerabilities if not properly locked down."

Much more on this topic coming in 2021, but I was surprised in 2020 that so many organizations have now created dedicated cloud security teams. Even as email, storage, data, applications, backups and much more are placed in clouds, enterprise teams are focusing more on securing those investments with cloud security solutions that have moved from Cloud Access Security Brokers (CASB) to Secure Access Service Edge (SASE) network architectures.

Final Thoughts

Looking back over the past few year-end cyber summaries can also teach us a wider story on the cyber industry. Consider these “Lohrmann on Cybersecurity and Infrastructure” annual security industry headlines from the past six Decembers:

While there are several wider security trends one could name from this list, one unmistakable pattern is the continued merger between the physical world and our online cyber world. With the elections in 2016 and 2020, hurricanes in 2017 and now the pandemic in 2020, worldwide headline trends and major events are dramatically impacting our online worlds in disruptive, accelerating ways.

What does that tell us about the future? You’ll need to wait another week to read about our cyber industry’s trends and expert forecasts in my upcoming post on "The Top 21 Security Predictions for 2021."
