Inside Pixel
Everybody be cool, this is a robbery!

2020 will be remembered as a dreadful year (you know, like when you’re watching a Quentin Tarantino movie and you’re in a permanent state of “wtf did I just see?”). However, businesswise, it was a year of extremes: apocalyptic for some sectors - travel/tourism and pretty much everything that required a physical store; and a huge opportunity for others - online/digital native businesses took a lesser hit or actually soared. E-commerce is an example of the latter, and with it we saw an amplification of its pains, such as hackers and fraudsters. Those guys are having a hell of a year (but unlike most of us, in a good way).

With so many transactions taking place online during the lockdown (and after that), the pond of opportunities to get to credit card data got bigger and bigger each day. Also, the massive adoption of remote work posed challenges from both networking and security perspectives. The output? Coronavirus-related attacks increased exponentially from under 5,000 per week in February to over 200,000 per week in late April.

If my answers frighten you then you should cease asking scary questions.

The pandemic has accelerated the shift away from physical stores to digital shopping by five years, and cybercriminals wasted no time and quickly came up with sophisticated ways to take advantage of the chaos. As the Covid-19 outbreak was spreading, so was cybercrime.

Unsurprisingly, the finance industry has been particularly hard-hit, registering a 238% increase in attacks in the first two months of the lockdown alone. In March, a new type of Android mobile malware, EventBot, was discovered. It steals user data from financial apps, reads SMS messages, and uses them to bypass two-factor authentication. EventBot has been targeting users of over 200 different financial institutions, including PayPal, Revolut, Barclays, and TransferWise.

In the midst of it all, online credit card skimming criminals were hyped. RiskIQ, a security firm, detected a 20% increase in online skimming activity in March compared to February. There were even some high-profile cases, like Tupperware, and what’s even more interesting about this type of attack (Magecart and similar) is that it can remain undetected for months, even years, providing a never-ending stream of fresh credit cards to the attackers (unless the online shop has Jscrambler 😉).

We’ve also seen an increase in API attacks (yet, truth be told, this was already a trend), and companies like Facebook, Twitter, Uber or Shopify all had API incidents. Both startups and enterprises focused on cybersecurity are exploring this field and adapting their products to address it (Probely is one of them #justsaying).

Zed’s dead, baby. Zed’s dead.

Technological transformation was highly propelled by the pandemic, and decentralized work is now the norm, which raises a lot of security issues. Many of these transitions from offices to homes had to occur too rapidly, and perimeter-based security didn’t cut it.

Remote access to corporate resources through virtual private networks (VPNs) was supposed to be strict. But, as the paradigm shift was so abrupt, remote policies ended up being more permissive than they should have been, which basically invited hackers in - through fake requests to reset VPN accounts, fake sign-in pages for Zoom accounts, and fake company emails.

If there is one thing to learn, it is that we were really unprepared for the level of protection that home workers and the tools they use require, which clearly boomeranged right back at us. Providing secure remote access to resources should be the number one priority of businesses.

- I'm Winston Wolfe. I solve problems. - Good, we have one.

In the aftermath of all the confusion, some predictions for the post-pandemic world are starting to take shape. The main cybersecurity investments will be in cloud-based technologies and Zero Trust architecture, with more than half of business leaders speeding up the deployment of Zero Trust capabilities as a result of remote work’s growth. The Zero Trust journey is taking off and we at Bright Pixel believe in the concept and actually have invested in this space (Fyde) - but more on that later this year.

To endure in this hostile environment with threats lurking in every corner, companies need to build solid strategies to be as digitally bulletproof as possible, combining technology, training for employees, and help from a set of experts. About the latter, you might want to find your expert very soon, as the number of unfilled jobs in the industry will grow by 350%.

Nobody knows when the pandemic will end. But one thing we do know is that some of its effects don’t seem to be going anywhere. As we adapt to this new reality, there’s no doubt it demands beefing up our cyber approach. Vaccination is always better than treatment. And for this, at least we have options.


Disclaimer: In case you're wondering, yes, all titles are quotes from Pulp Fiction.

Bright Teasers
Report on Big Tech Monopolies

Last month, the House of Representatives in the US released a 449-page report, resulting from a 15-month investigation, in which it accuses Amazon, Apple, Facebook and Google of abusing their market power. This brilliant article walks you through the key takeaways.

Cryptonomicon

For those who have a soft spot for mystery and conspiracy theories, this is definitely a book you should keep on your bedside table. The plotline revolves around code breaking and takes place between WWII and now. By the end, you’ll probably be more paranoid and refuse to work next to a wall in your hotel room or be able to use a deck of cards to do more than just magic tricks.

DMS Investors Day

On the 19th of November, 12 of the top startups in the DMS Accelerator will pitch their solution to investors and a wider audience, competing for prizes and pride. Join us to see what they’re up to.

Bright Writers:

This newsletter is written each month by a different person from Bright Pixel or a special guest that we will invite to collaborate with us. We also believe in ghost writers ;)

This month we had the contribution of Frederico Santos, senior investment associate at Bright Pixel. More info at his LinkedIn profile.

Bright Pixel

Rua da Emenda nº19 1200-169 Lisboa
