IT Brief New Zealand logo
Technology news for New Zealand's largest enterprises
Story image

Securing the 'next normal' — Check Point's cybersecurity predictions for 2021

By Shannon Williams
Wed 11 Nov 2020
FYI, this story is more than a year old

More COVID-19 related attacks, developments in malware and cyber-conflicts, and new threats to 5G and the Internet of Things are predicted to top organisations’ security agendas during the next 12 months, according to Check Point.

Check Point Software Technologies has released its cyber-security predictions for 2021, detailing the key security challenges that organisations will face over the next year.

Check Point states that the effects of the changes introduced during the COVID-19 pandemic will continue to be a key focus for organisations’ IT and security teams. 81% of enterprises have adopted mass remote working for their employees, with 74% planning to enable it permanently. 

The company is also warning of emerging ransomware and botnet threats, and the challenges of securing new 5G networks and the explosion in connected devices it will power.

“The COVID-19 pandemic derailed business-as-usual for virtually every organisation, forcing them to set aside their existing business and strategic plans, and quickly pivot to delivering secure remote connectivity at massive scale for their workforces," says Dr. Dorit Dor, vice president of products at Check Point Software Technologies.

"Security teams also had to deal with escalating threats to their new cloud deployments, as hackers sought to take advantage of the pandemic’s disruption:  71% of security professionals reported an increase in cyber-threats since lockdowns started.
 
“One of the few predictable things about cyber-security is that threat actors will always seek to take advantage of major events or changes – such as COVID-19, or the introduction of 5G – for their own gain," says Dor.

"To stay ahead of threats, organisations must be proactive and leave no part of their attack surface unprotected or unmonitored, or they risk becoming the next victim of sophisticated, targeted attacks.”

Check Point’s cyber-security predictions for 2021 are broken down into three categories:  COVID-19 related developments; malware, privacy and cyber-conflicts; and emerging 5G and IoT platforms.

Pandemic-related developments

  • Securing the ‘next normal’: In 2021, Covid-19 will still be impacting our lives, businesses and societies, and those impacts will change as the year progresses. So we need to be ready for a series of ‘next normals’ as we respond to those changes. Following the rush to remote working, organisations need to better secure their new distributed networks and cloud deployments to keep their applications and data protected. This means enforcing and automating threat prevention at all points of the network – from employees’ mobiles and endpoints, to IoT devices, to clouds – to stop advanced attacks from spreading rapidly across organisations, and exploiting weaknesses to breach sensitive data. Automating prevention will be critical, as 78% of organisations say they have a cyber-skills shortage.
  • No cure for COVID - related exploits: As COVID-19 will continue to dominate headlines, news of vaccine developments or new national restrictions will continue to be used in phishing campaigns, as they have been through 2020. The pharma companies developing vaccines will also continue to be targeted by malicious attacks from criminals or nation-states looking to exploit the situation.
  • School’s out – targeting remote learning: Schools and universities have pivoted to large-scale use of e-learning platforms, so perhaps it’s no surprise that the sector experienced a 30% increase in weekly cyber-attacks during the month of August, in the run up to the start of new semesters. Attacks will continue to disrupt remote learning activities over the coming year.

Malware, privacy and cyber-war

  • Double extortion increases the ransomware stakes: Q3 of this year saw a sharp rise in double-extortion ransomware attacks: hackers first extract large amounts of sensitive data, prior to encrypting a victim’s databases. Then attackers threaten to publish that data unless ransom demands are paid, putting extra pressure on organisations to meet hackers’ demands. 
  • The botnet army will continue to grow: Hackers have developed many malware families into botnets, to build armies of infected computers with which to launch attacks. Emotet, the most commonly-used malware in 2020, started as a banking trojan but has evolved to become one of the most persistent and versatile botnets, capable of launching a range of damaging exploits, from ransomware to data theft.
  • Nation shall attack nation: Cyber-attacks by nation states will continue to grow, for espionage or to influence events in other countries.  Microsoft reported that threat actors from just three countries launched 89% of nation-state hacking incidents over the past year. Over recent years, the focus has been on securing national critical infrastructure, and while this remains essential, it’s also important to recognise the impact of attacks against other state sectors. These include national healthcare organisations and Government departments, such as March 2020’s Vicious Panda campaign targeting Mongolia. 
  • Weaponising deepfakes: Techniques for fake video or audio are now advanced enough to be weaponised and used to create targeted content to manipulate opinions, stock prices or worse. Earlier this year, a political group in Belgium released a deepfake video of the Belgian prime minister giving a speech linking COVID-19 to environmental damage and calling for action on climate change. Many viewers believed the speech was real. At a simpler level, audio could be faked for voice phishing – so that a CEO’s voice could be forged to bypass voice authentication.
  • Privacy? What privacy?: For many people, their mobile devices are already giving away much more personal information than they realise, thanks to apps demanding broad access to peoples’ contacts, messages and more. This has been magnified with buggy COVID-19 contact-tracing apps, which have privacy problems, leaking data about individuals. And that’s just legitimate apps: mobile malware targeting users’ banking credentials and committing click-fraud on adverts is a major growing threat.

New 5G and IoT platforms

  • 5G benefits and challenges: The totally connected, high-speed world promised by 5G also gives criminals and hackers opportunities to launch attacks and cause disruption by targeting that connectivity. E-health devices will collect data about users’ wellbeing, connected car services will monitor users’ movements, and smart city applications will collect information about how users live their lives. This massive volume of data from always-on, 5G devices will need to be protected against breaches, theft and tampering to ensure privacy and security against attacks, especially as a lot of this data will bypass corporate networks and their security controls. 
  • Internet of Threats: As 5G networks roll out, the numbers of connected IoT devices will massively expand – drastically increasing networks’ vulnerability to large scale, multi-vector cyber-attacks. IoT devices and their connections to networks and clouds, are still a weak link in security: it’s hard to get complete visibility of devices, and they have complex security requirements. We need a more holistic approach to IoT security, with a combination of traditional and new controls to protect these ever-growing networks across all industry and business sectors.
Related stories
Top stories
Story image
SaaS
Maintaining secure systems with expectations of flexible work
Most office workers feel they've proved they can work successfully from home, and as much as employers try, things aren't going back to the way they were anytime soon.
Story image
ChildFund
ChildFund launches new campaign to protect children online
ChildFund says WEB Safe & Wise aims to protect children from sexual exploitation and abuse online while also empowering them to become digitally savvy. 
Story image
Data Protection
Barracuda launches new capabilities for API Protection
"Every business needs this type of critical protection against API vulnerabilities and automated bot attacks," Barracuda says.
Story image
Infrastructure
Nutanix study reveals financial services sector lagging with multicloud adoption
Nutanix has released new research that reveals the financial services sector is lagging behind when it comes to multicloud adoption.
Story image
Microsoft
PwC NZ unveils new Cloud Security Operations Center
PwC New Zealand has unveiled its new Cloud Security Operations Center for the entire Microsoft technology stack.
Story image
Sisense
Data and analytics could be key to higher selling prices in APAC
Sisense's latest report has found that almost half of data professionals in APAC think customised data and analytics can create better selling prices for their products.
Story image
Digital Transformation
The impact of COVID-19 on healthcare environments and care delivery
The COVID-19 pandemic has revolutionised the healthcare industry while overcoming staff shortages, social distancing requirements, and lockdowns.
Story image
Collaboration
Meadows exits Ingram Micro New Zealand on a good note
We look at the resignation of Danny Meadows from Ingram Micro's New Zealand Unified Communications & Collaboration business unit.
Story image
Cybersecurity
NCSC advisory highlights poor security configurations
The GCSB's National Cyber Security Centre (NCSC) has released a cyber security advisory identifying commonly exploited controls and practices.
Story image
Digital Transformation
The Huawei APAC conference kicks off with digital transformation
More than 1500 people from across APAC have gathered for the Huawei APAC Digital Innovation Congress to explore the future of digital innovation.
Story image
Vodafone
Vodafone NZ buys remaining stake in retail joint venture
Vodafone New Zealand has purchased the remaining 50% stake in the specialist joint venture (JV) with private equity company Millennium Corp.
Story image
Attain
Revenue operations is taking centre stage
As the business world continues to evolve, new demands need to be met to keep up with the ever-changing landscape. 
Story image
Wireless Nation
Wireless Nation, N4L provide 4G network to remote NZ schools
Wireless Nation and Network for Learning (N4L) have rolled out the Rural Connectivity Group’s (RCG) new 4G network to better connect three Chatham Islands schools.
Story image
Sustainability
Grasping the opportunity to rethink the metrics of a sustainable data centre
A data centre traditionally has two distinct operations teams: the Facility Operations team, and the IT Operations team. Collaboration between them is the key to defining, measuring, and delivering long-term efficiency and sustainability improvements.
Story image
Digital Transformation
Pluralsight and Ingram Micro Cloud team up on cloud initiative
Pluralsight has teamed with Ingram Micro Cloud to build upon cloud competence and maturity internally, and externally support partners’ capabilities.
Story image
Artificial Intelligence
AI-based email security platform Abnormal Security valued at $4B
"A new breed of cybersecurity solutions that leverage AI is required to change the game and stop the rising threat of sophisticated and targeted email attacks."
Story image
Artificial Intelligence
CFOs using digital workers and AI to prevent unnecessary loss
New technology is now allowing CFOs to use digital workers to automate their accounting processes, making it easier for them to avoid unnecessary losses.
Story image
Remote Working
How zero trust and SD-WANs can support productive remote working
The way people connect with applications and data has changed, users are remotely accessing resources that could be stored anywhere from a corporate data center to the cloud.
Story image
CRM
Zendesk announces new conversational CRM solutions
“The last few years have made it obvious that digital is the front door, convenience is paramount and relationships are anchored in conversations."
Story image
Supply chain
Jetstack promotes better security with supply chain toolkit
The web-based resource is designed to help organisations evaluate and plan the crucial steps they need to establish effective software supply chain security.
Darktrace
Threat actors are exploiting weaknesses in interconnected IT/OT ecosystems. Darktrace illuminates your entire business and takes targeted action to stop emerging attacks.
Link image
Story image
Commerce Commission
ComCom appeals $2.25 million fine in Vodafone FibreX case
The Commerce Commission has filed an appeal in the High Court against a $2.25 million fine imposed on Vodafone NZ for its offending under the Fair Trading Act.
Story image
Sustainability
Legrand unveils Nexpand, a data center cabinet platform
Legrand has unveiled a new data center cabinet platform, Nexpand, to offer the necessary scalability and future-proof architecture for digital transformation.
Story image
Application Security
What are the DDoS attack trend predictions for 2022?
Mitigation and recovery are vital to ensuring brand reputation remains solid in the face of a Distributed Denial of Service (DDoS) attack and that business growth and innovation can continue.
Story image
Malware
New vulnerabilities found in Nuspire’s Q1 2022 Threat Report
“Threat actors are quickly adjusting their tactics and these exploits tend to get industry attention, but the threat posed by older and attacks still persists."
Story image
Apricorn
Data backup plans inadequate, data still at risk - study
The Apricorn 2022 Global IT Security Survey revealed that while the majority organisations have data backup plans in place, data for many are at risk.
Story image
Sustainability
Power at the edge: the role of data centers in sustainability
The Singaporean moratorium on new data center projects was recently lifted, with one of the conditions being an increased focus on power efficiency and sustainability.
Story image
Lightspeed
Lightspeed launches all-in-one marketing platform in A/NZ
ECommerce provider, Lightspeed has launched a new all-in-one marketing solution, Lightspeed Marketing & Loyalty in Australia and New Zealand.
Story image
Sift
Sift shares crucial advice for preventing serious ATO breaches
Are you or your business struggling with Account Takeover Fraud (ATO)? One of the latest ebooks from Sift can provide readers with the tools and expertise to help launch them into the new era of account security.
Story image
SaaS
Rubrik Security Cloud marks 'next frontier' in cybersecurity
"The next frontier in cybersecurity pairs the investments in infrastructure security with data security giving companies security from the point of data."
Story image
Cybersecurity
Hard numbers: Why ambiguity in cybersecurity no longer adds up
As cybersecurity costs and risks continue to escalate, CEOs continue to struggle with what their investment in cyber protection buys. Getting rid of ambiguity becomes necessary.
Story image
Cybersecurity
The 'A-B-C' of effective application security
Software applications have been a key tool for businesses for decades, but the way they are designed and operated has changed during the past few years.
Story image
Data Center
Preventing downtime costs and damage with Distributed Infrastructure Management
Distributed Infrastructure Management (DIM) can often be a lifeline for many enterprises that work with highly critical ICT infrastructure and power sources.
Story image
Digital Transformation
How to modernise legacy apps without compromising security
At a time when digital transformation has become central to business, even the most important applications come with a ‘use-by’ date.
Story image
Digital Transformation
Trading up: It's time to swap core systems for flexible digital applications
This year will see more oranisations planning and commencing high tech renovations that will shake up the way they operate.
Story image
Cybersecurity
A10 Networks finds over 15 million DDoS weapons in 2021
A10 Networks notes that in the 2H 2021 reporting period, its security research team tracked more than 15.4 million Distributed Denial-of-Service (DDoS) weapons.
Story image
Cloud Security
Aqua Security createa unified scanner for cloud native security
“By integrating more cloud native scanning targets into Trivy, such as Kubernetes, we are simplifying cloud native security."
Story image
Ransomware
Cybersecurity starts with education
In 2021, 80% of Australian organisations responding to the Sophos State of Ransomware study reported being hit by ransomware. 
Story image
Amazon Web Services / AWS
RedShield leverages AWS to scale cybersecurity services
"Working with AWS gives RedShield the ability to mitigate significant application layer DDoS attacks, helping leaders adopt best practices and security architectures."
Softiron
For every 10PB of storage run on HyperDrive vs. comparable alternatives, an estimated 6,656 tonnes of CO₂ are saved by reduced energy consumption alone over its lifespan. That’s the equivalent of taking nearly 1,500 cars off the road for a year.
Link image
Booster
Booster Innovation Fund. A fund of Kiwi ingenuity – for Kiwi investors.
Link image
Story image
Excel
Could your Excel practices be harming your business?
While Excel has been the de-facto standard for budgeting, planning, and forecasting, is it alone, enough to support organisations in the global marketplace that’s facing rapid changes due to digital transformation?
Exabeam
Find out how a behavioural analytics-driven approach can transform security operations with the new Exabeam commissioned Forrester study.
Link image
Story image
Qualys
Qualys updates Cloud Platform solution with rapid remediation
The new update is designed to enable organisations to fix asset misconfigurations, patch OS and third-party applications, and deploy custom software.