To gain an insight into where threat actors are focusing their aim, Digital Journal caught up with Jonathan Meyers, Principal Infrastructure Engineer / Head of IT at Cybrary.
Ready or Not, Here They Come: Hospitals and State & Local Governments Remain Prime Targets
Although nearly every industry, ranging from state and local governments and universities to hospitals and financial services have all fallen victim to attacks, it’s been somewhat surprising that we haven’t seen even more successful attacks, especially against state and local governments and hospitals. Cyber attackers often cast an extremely wide net to increase their odds of a successful breach, so we’ll continue to see more governments and hospitals either learn they’ve already been compromised, or admit they were previously compromised sooner rather than later. These types of organizations are often short-staffed and lack security budgets, even before considering the impacts of COVID-19, and they don’t have the proper resources to analyze historical data when implementing new security measures. In the case of state and local governments, since they’re currently in the transition process following the recent 2020 elections, security issues could very easily be left on the backburner by outgoing staff or even overlooked by the incoming members.
No Vaccine for IoT Devices
Many business leaders and decision makers believe that the era of remote work will be forever, but that’s unlikely to be the case as many organizations are already starting to implement a tentative return to work plan. Not only should the physical health of employees be considered during these times, but the digital health of devices and networks must be given serious consideration.
Employees’ personal laptops and mobile devices have been connected to potentially compromised networks outside of the typical layers of security provided by an employer. Frequent and in-depth scans and security due diligence will be a necessary requirement before these devices return to the network, as employees have never had to deal with these types of issues on such a large scale, or at all, before.
Jumping the Gun: Trends Remain Overhyped in 2021
The hype around artificial intelligence (AI) and machine learning (ML) is getting out of hand, especially as it relates to cybersecurity. Sure, they are potentially revolutionary technologies that could have either extremely beneficial or extremely disruptive implications, but the industry currently does not have a good enough understanding of AI and ML to be able to use them at the scale that’s necessary to make them effective and useful (or harmful). More often than not, organizations use these terms for marketing purposes, especially considering the price associated with them is unrealistic for all but a very select few.
Ghosts of Legislations Past
The results of the 2020 Presidential election will bring about significant changes to cybersecurity policy in 2021. Due to COVID-19 precautions, there are currently differing opinions on whether or not employees are able to safely return to their offices, or if remote work is needed for a longer period of time. Additionally, with a new FCC commissioner, net neutrality is likely to make a comeback in the news, and backdoor encryption is another hot topic a new administration will have to deal with. Regardless of the final decisions, organizations and security leaders must be as educated on the current policies and understand their far-reaching security ramifications.
