Ringing in 2020 with COVID-19 caught many organizations off guard and forced them to rethink the locations of their entire workforce to survive. Some companies were able to read the tea leaves early and make the necessary adjustments, thereby reducing the amount of friction for their employees.
It is fair to say that no matter how well we weathered the storms of 2020, we have found ourselves in uncharted territory, facing continued uneasiness in 2021. How will our organization manage what’s coming? What is coming in 2021 that we haven’t already dealt with this year?
Will we ever get to a point where we can honestly tell our employees (and ourselves) that the worst is behind us? Will there be a COVID-19 vaccine, and can we start going back into the office? Perhaps. However, just as we adapt to the rapid changes we face together, so do the tactics and subject matter of the social engineers. Said another way: a new year and new issues bring new opportunities for social engineers to continue to adapt and target any one of us.
COVID-19 Challenges in 2021
Imagine a world where major news networks, social media, and governmental bodies indicate that there is, in fact, a COVID-19 vaccine that is safe and effective. Imagine further that local news reports begin talking about the vaccine being available soon – and now imagine how social engineers can take advantage of this situation.
With so many employees working from home and many of these employees using their corporate-owned devices for personal reasons, it is imperative that endpoint protection on these devices is kept up to date, but that is still no guarantee that the employee will be fully protected.
As robust as enterprise email security may be, malicious emails can still make it into a corporate inbox or…a personal inbox of an employee. Do corporate policies prohibit checking personal email on a company-owned device? Should the policy do so? Have employees been given adequate security awareness training that focuses on their personal inbox versus corporate?
Let’s ask ourselves: How hard would it be for an employee to resist clicking on a legitimate-looking link stating that they could now register for their COVID-19 vaccine? What about an email with a subject line concerning the re-opening of the corporate office? Think about all the things we care about as work-at-home employees, the way the world was in December 2019, and how many of us would like nothing more than to go back to those days – and now think about how social engineers will try to take advantage of those feelings.
Ransomware Will Be Another Attack in 2021
Perhaps sooner rather than later, someone will end up with ransomware on a device via social engineering. Then what? It goes without saying that all sensitive and critical corporate data needs to be backed up – and backed up often. While it may not sound like a perfect situation or solution, the ability to discard a compromised machine, simply deploy a new device with the backed-up data, and, most importantly, not pay a ransom is far easier than our ongoing game of cat and mouse, trying to outguess the latest ransomware attack.
A Cautionary Approach
If 2021 is anything like 2020, we should remain buckled up and prepared for some of the same attacks we’ve seen in previous years but with different flavors. Social engineering campaigns based upon world events have been and will continue to be launched, and a certain percentage of people will fall for these attacks. How we protect against and handle such attacks can mean the difference between revisiting these questions a year from now or sitting on the sidelines, watching others fight.
About the Author
Born and raised in Northern California, Mark joined the US Army in 1993 and served for six years as a Counterintelligence Agent. Mark went on to spend nearly a decade at Northrop Grumman as a senior software engineer while attaining a Juris Doctorate from George Mason School of Law. Mark then journeyed on to become the Director of Software and Mobile Security for Aetna/CVS before joining Bluescape as CISO in June 2019.