The coronavirus pandemic added new layers to the threat landscape facing corporate security leaders in 2020, and it continues to do so going into 2021. As businesses and workforces sought to adapt rapidly to remote working at scale, malicious groups and other threat actors began exploiting opportunities to target stressed people and systems with malware. That malware, which is increasingly sophisticated and leverages social engineering techniques to deceive users into providing access to systems and data, continues to become more damaging to businesses.

Ransomware, phishing and compromised or stolen credentials continued to cause damage in 2020, with the Office of the Australian Information Commissioner (OAIC) citing these threats as the main sources of reported data breaches involving cyber-incidents between July and December of that year. Though it is not plainly evident, these attacks have succeeded as a result of misconfigured IT systems or unauthorized changes. The report for the previous six-month period noted a steep rise in ransomware in particular, including attacks that copied or exfiltrated data as well as encrypting it on the target network, further increasing the risk to businesses and their customers.

Given the success of ransomware attacks in Australia and globally to date, criminal activities involving this type of malware are only likely to escalate, promising migraines for security professionals into 2021 and beyond.

Businesses are acutely aware that their exposure to this dynamic security environment is far greater than in previous years due to government efforts to step up protections and penalties for data breaches involving personal data. However, at the same time, they are continuing to implement comprehensive digital transformation programs that connect systems and data in new ways and through new processes – placing even greater pressure on time- and resource-constrained security teams to become more agile and responsive.

As governments, health