Home Insights Opinion A CEO’s secrets – snooping cyber-criminals to bring down a WFH chief executive Connected home devices could be opening the door for hackers to access corporate assets by Sébastien Pavie December 25, 2020 Homeworking is set to stay in 2021, as companies look to strike a better work-life balance for their employees will jump at the chance to continue working from their garden or living room. As a result, with more people working from home, expect to see an increase in smart devices as everyone aims to make their lives more convenient. However, this could open the door, with smart homes set to become the new battlefield for cyber-criminals. Unbeknownst to senior business leaders, the adoption of connected devices like baby monitors and security cameras could be opening the door for hackers to listen in on their confidential work conversations. Whether it’s discussing sales figures, business strategy or product development, including details of the company’s IP, this information could be valuable if it falls into the wrong hands and is sold to rivals. Internal cybersecurity skills training to close external skills gap The explosion of remote working in 2020 has brought with it more risks than businesses could ever expect. While employees now sit on couches accessing an organisation’s most sensitive data from their living rooms, hackers are waking up each day with new methods of attack, praying on businesses weakened by this year’s challenges and those vulnerable to exposure. However, with a security talent gap out there businesses won’t be able to hire enough employees with the right skills to protect the company. As such, 2021 will see a shift in mentality with businesses making cybersecurity training an aspect of every role and all job descriptions moving forward. This in turn will help to close the talent gap that’s long plagued the security industry. Government and companies together to deploy trusted digital identities As the world becomes increasingly more digital focused, 2021 will see more digital identities initiatives popping up, which will have to come along secure digital identity verification solutions based on official ID document checks. Despite the way things have transformed for people this year, physical documents are still required to verify who people are like for banking purposes for instance, with ID documents like passports and driving licences having to be taken in, scanned or details inserted. In today’s world, through safety and convenience, people want to be able to verify themselves digitally. To make this happen, a private and public sector cooperation is expected to offer users convenience and security when trying to get authenticated through online platforms. 2021 will be the first year that digital identity becomes mainstream in the UK. Resilience is the new efficiency As the pandemic hit, many companies were forced to react quickly to keep themselves going and meet customer needs. However, this move to digital has opened up a gateway for hackers, who have attempted to take advantage of a great attacker surface. 2021 will start to see the trend towards efficiency over resilience reversed as companies realise the damage that can be done if these key services go down. This could result in the security budget overtaking the R&D budget next year. Business will take the fight to hackers The business-hacker relationship has largely always been one way, with cyber criminals attempting to break in and businesses reacting to this. However, 2021 will see that relationship changes as businesses go on the offensive and attempt to throw hackers off their game. Companies will start using deceptive techniques such as deploying fake high-attraction systems to divert attackers, or leave fake credentials (breadcrumbs) that lead to a fake high-value target. Cybersecurity recruitment to coincide with vaccine roll out If 2020 is to be defined by the Coronavirus, then 2021 will, hopefully, be the year of the vaccine. Scientists and the medical professionals have been working against the clock to produce a vaccine that will mitigate the virus but within that, unfortunately, are threat actors looking to upset the process and steal data. With medical and logistical information at such a premium, the UK still faces a cybersecurity talent shortage that could leave its health industry exposed. In 2021, expect to see a greater effort from the healthcare industry to access cybersecurity expertise both from a recruitment perspective and a partnership viewpoint in order to protect their systems and against misinformation about the vaccine process. Companies set aside budget to respond to crypto-ransomware With the world so interconnected, 2021 will see hackers adapt their currently highly successful crypto-ransomware campaigns against a company’s enterprise networks, to also start targeting their vital industrial and process control systems. As businesses progress with their digital transformation programmes, they will become increasingly attractive targets for ransomware gangs. These attackers will block access to vital production and automation services rendering companies unable to operate, unless they pay or institute an expensive and time-consuming recovery exercise. As a result, we’re likely to see a dramatic uptick in companies paying crypto ransoms in 2021 or conducting resiliency exercises, with many setting aside a portion of their budgets to prepare for it during the year. Sébastien Pavie is the regional vice president for Cloud Protection and Licensing activities at Thales 0 Comments