When COVID-19 hit and then started forcing massive enterprise changes in March, it caused a significant change in the enterprise threat landscape. That is even more troubling given that it all happened within a few days, which required the cutting of security corners for everything, especially the creation of remote sites.
COVID also accelerated movement to cloud—a lot faster than had been expected in January 2020. Those new remote sites, part of a gigantic flip in dataflows and personnel that turned an average 90% internal to 90% external, also opened the floodgates for orders of magnitudes more IoT devices. Even worse, these were especially insecure consumer-grade IoT devices, which typically sneaked into sensitive systems by piggybacking on VPN transmissions.
With such a different enterprise threat landscape, CISOs might be expected to deploy different cybersecurity strategies and use different cybersecurity tools. If what is being protected is so very different, wouldn’t that necessitate equally different defense mechanisms?
No such dramatic change has happened with most enterprise cybersecurity defenses because the bad guys have not yet meaningfully changed their attack methodologies. They have increased the volume and intensity but not the specific attack methods. It’s almost universally held that this is a short-term situation and the bad guys will change their methods very soon, almost definitely by early 2021.
What will those new attack methodologies look like? We reached out to a variety of cybersecurity experts to find out.