The sudden shift to remote working environments brought on by the global COVID-19 pandemic led to an increase in attempted cybercrime as criminals sought to exploit the chaos. The FBI has reported a 300% increase in cybercrimes since the onset of the pandemic earlier this year. Hackers attack every 39 seconds, or 2,244 times per day on average. With large amounts of confidential case and client data, law firms are a prime target of cybercriminals. This year, we saw numerous punitive attacks on law firms of all sizes, leading many executives to ask, “What can we do?”
With 2021 right around the corner and remote work continuing to gain widespread acceptance, what does the cybersecurity landscape look like? What are cybersecurity professionals doing to keep businesses safe? How can your law firm mitigate risk? We’ve rounded up some predictions and advice from top cybersecurity leaders.
Hacking attempts will become more prevalent, raising the importance of thoroughly vetting vendors’ cybersecurity and data management policies.
U.S. Legal Support Senior Vice President & Chief Information Officer, Lee Wielenga, notes “With increased online activity due to the onset of COVID-19, hacking attempts and breaches continue to become more prevalent. Moving into 2021, I believe we’ll see the continued widespread acceptance of remote working environments, which means firms will continue to expand their network of service providers in support of virtual operations. Cybercriminals will continue to take advantage of this changing landscape to launch phishing, ransomware and other attacks on law firms and other businesses. It’s more important than ever to thoroughly vet vendors’ cybersecurity and data management policies. It is not enough for a vendor to make claims about their compliance with standards like HIPAA or SOC 2 Type II. Without attestation from a reputable independent auditor, you cannot ensure that systems and operational processes actually are HIPAA compliant and follow SOC 2 Type II guidelines.”
Artificial Intelligence will improve cybersecurity in 2021.
A recent Forbes article looked at how cybersecurity vendors will accelerate Artificial Intelligence (AI) and machine learning app development to combine human and machine insights so they can out-innovate attackers intent on escalating an AI-based arms race.
Hatem Naguib, COO, Barracuda Networks, says, “Many attackers use bots as attackers to search for unauthorized access to applications. There are millions of these bots running at all times on the internet and AI is used to determine which are malicious and which are benign.”
Bill Harrod, Federal CTO at Ivanti, says that password-related cyberattacks continue to dominate every industry, with more than 88 billion credential stuffing attacks reported in a 24-month period alone. To overcome this issue and kill the password for good, organizations need to take a mobile-centric zero trust security approach. He predicts that, using AI and machine learning, this approach will go beyond identity management and gateway approaches by utilizing a more comprehensive set of attributes to determine compliance before granting access.
Remote workers will continue to be the focus of cybercriminals throughout 2021.
Security Magazine gathered seven cybersecurity predictions, starting with the fact that remote workers will continue to be the focus of cybercriminals this next year.
“Cybercriminals will always follow users and launch attacks that exploit their behaviors and habits. We saw this very clearly in 2020 when employees suddenly became remote workers to comply with stay-at-home orders, and their use of technology and devices shifted. Cybercriminals took advantage of this disruption to launch phishing, vishing, ransomware, and a whole slew of other attacks that targeted gaps in companies’ security postures, as many were not prepared to support a remote workforce securely.
“As one example, even prior to the pandemic, many companies (82%) enabled bring your own device (BYOD) for employees, partners, or other stakeholders. However, 72% lacked BYOD malware protection entirely or relied upon endpoint software installations. As the pandemic has further enabled BYOD, this lack of preparedness is potentially disastrous.”
Other predictions include:
- Legacy security architecture like VPNs will be the weak link for many organizations
To quickly ramp up remote operations and comply with stay-at-home orders, many organizations looked to legacy security architectures like VPNs as a silver bullet solution for remote work. However, this is not a sufficient long-term solution as VPNs introduce latency, hamper productivity, can be difficult to scale, and can grant employees excessive access to internal resources.
- To cope with reduced budgets, CSOs and CISOs will seek convergence across security solutions
Despite budget-related adversity, security executives must still close the digital transformation gap within their organizations. As such, convergence and simplicity will be key.
- The impact of breaches in the healthcare sector may be deadly
Knowing that cyberattacks can have fatal consequences and that many healthcare organizations may not have adequate cybersecurity controls in place, attackers are in a prime position to exfiltrate PHI or get healthcare organizations to pay a ransom.
- Financial organizations beware, more attacks are coming
Financial services organizations and other firms that are responsible for the security of consumer financial data must remain vigilant in their cybersecurity efforts throughout 2021. The high value of financial data, including Social Security numbers, banking details, and more, makes it a lucrative target for cybercriminals.
- COVID-19 forced organizations to accelerate digital transformation efforts
It’s difficult to reflect on the year 2020 and identify highlights or “good news.” However, if we look at the year from a technological point of view, we can discern a silver lining. Specifically, there were rapid digital transformation efforts across industries as organizations strove to comply with stay-at-home orders.
Digital transformation has been an ongoing objective for countless organizations since the early 2010s. If stay-at-home orders were never enforced due to COVID-19, it’s possible that digital transformation still would have been on many organizations’ to-do lists throughout the next decade.
IT industry outlook 2021 – what to watch for.
CompTIA, a leading voice and advocate for the global information technology ecosystem, recently published its IT Industry Outlook 2021, which provides insight into the trends shaping the industry, its workforce and its business models.
“Digital operations are more important than ever, with many transformative changes accelerating over the past year. Fair treatment for all is an absolute mandate, making diversity, equity and inclusion a top priority. The influence of technology is massive, forcing new approaches to regulatory behavior.” Below are trends they identified to watch for in 2021.
For law firms and businesses of all sizes, safeguarding data and mitigating risk are top priorities for 2021 and beyond. Being aware of potential vulnerabilities and leveraging technology plus proper security strategies and protocols can help to mitigate risk. U.S. Legal Support offers security and data protection that no other end-to-end litigation support services company can provide.