December 2020 was a massive month in cybersecurity. Between SolarWinds, FireEye, and Microsoft, every cyber professional was on edge, and we can expect to see our fair share of notable cyber threats this year as well.
So what can we do about it? Our nation-state grade cyber defense experts put their heads together to offer some predictions for what you can expect to focus on in your cybersecurity strategy this year.
MSP attacks will be on the rise
Due to the massive and swift jump to the cloud thanks to the pandemic, MSPs will most likely be a major threat vector. Corners were cut. Things were missed in order to get up and running. As we saw with SolarWinds, the impact can be massive. An attacker has more to gain from hitting a telecom than from attacking businesses individually. As part of your third party risk management program, it is important to take a good look at your MSPs and how you can reduce risk there. You can check out our blog on MSP attacks for some tips you can implement right now.
Supply chain will be continually targeted
While MSP attacks are part of the supply chain, the entire vector is worth mentioning. Attackers have seen how effective this vector can be and will try to replicate it. Since there are several links that can be broken in the supply chain, attackers have multiple potential entry points. If you’re looking for a good focus for your budget this year, a holistic third party risk assessment is a good idea, ideally one that is tied to your business ideals and your personal risk register, scoring, and appetite.
Finance, Healthcare, and Pharma will be highlighted targets
Remote Workers will continue to be an easy target
The financial impact of a breach will increase again
Disinformation will continue to threaten national security
While this might not sound like a cyber threat per se – any media company knows the potential cyber impact of disinformation. Hacktivist groups, nation-state attack groups, and others can absolutely launch a cyber attack based on disinformation. With geopolitical tensions what they are due to the pandemic, this can continue to be a serious cyber defense threat. We saw this firsthand last week with the attack on the Capitol in the U.S. The physical access breach left many machines potentially compromised.
Changes to Cyber Insurance
The cyber insurance industry is about to go through upheaval as its policies are becoming loss-making. Cyber insurance could become more difficult to purchase. While this helps alleviate the problem of relying on insurance, other things could fall by the wayside to qualify for insurance that have nothing to do with actual cyber defense.
It all comes down to third party risk management
Ultimately, there will be a big focus on third party risk management this year. Most of these predictions are rooted in third party risk – even disinformation. Social media is an example of a non-supply chain version of it. Being mindful of this vector can significantly help reduce risk in your environment.